I'll keep that in mind as an option, but it's not particularly
user-friendly. Basic Auth lets users use the password they know; OAuth
keeps users from having to worry about passwords at all. This setup
requires users to keep track of some other strange value. Developers
understand it, so it's a fine setup for a site like GitHub, but it
doesn't seem like a good approach for a more general and potentially
non-technical user base.
Lucas Araujo wrote:
I agree, remote key is a very cool feature.
Lucas Araujo
FriendFeed-as3 - An Actionscript 3 version of Friendfeed API
http://code.google.com/p/friendfeed-as3/
On Thu, Feb 5, 2009 at 09:37, Ninjamonk <dar...@stuartmedia.co.uk
<mailto:dar...@stuartmedia.co.uk>> wrote:
Have you guys considered maybe tweaking the basic auth system to
something like what friendfeed has.
Each user could be given a third party system generated key to use
instead of a password and then basic auth could still be used and not
tired to the system password.
If the user felt their account had been compromised by an app they
could just generate a new code and also this would protect the users
account from hijacking.
I know you don't want to have 2 different systems for auth but this
could be used for legacy apps and for use cases like funkatron
mentioned earlier in the thread.
Cheers
On Feb 5, 4:59 am, Cameron Kaiser <spec...@floodgap.com
<mailto:spec...@floodgap.com>> wrote:
> > Thanks for the feedback, guys. We'll consider extending Basic
Auth's
> > life, or maybe granting a "stay of execution" to known-good
apps. At the
> > very least, we'll try not to pull the rug out from under anyone.
>
> I appreciate the consideration. :)
>
> --
> ------------------------------------
personal:http://www.cameronkaiser.com/--
> Cameron Kaiser * Floodgap Systems *www.floodgap.com
<http://www.floodgap.com>* ckai...@floodgap.com
<mailto:ckai...@floodgap.com>
> -- Another visitor. Stay awhile. Stay forever! -- Professor
Elvin Atombender --
--
Alex Payne - API Lead, Twitter, Inc.
http://twitter.com/al3x
