On Feb 5, 10:38 pm, James Deville <james.devi...@gmail.com> wrote:
> Flickr doesn't seem to have a problem with the OAuth formula, so why are
> people thinking twitter will?
I'm not sure people have said Twitter would have a problem. I've
personally expressed some problems specific to applications I
develop. Much of what I said would apply to desktop apps for Flickr
too, but Flickr has never offered anything but OAuth (AFAIK).
> In addition, part of the concern I would have with Basic Auth is the
> plaintext password. Sure, it's Base64 encoded, but that's not encryption,
> that's just saving bandwidth. If twitter wanted to move to a different auth
> scheme, that might work. Or they could add ssl to the API front end, and use
> HTTPS, which is also expensive (either expensive SSL-offloading proxies, or
> you have to lock a session to a server). I don't think Twitter should keep a
> Basic Auth service. It just wouldn't be worth the risk to me.
SSL has been available in the API for as long as I recall, and is in
fact officially recommended, AFAIK.
--
Ed Finkler
http://funkatron.com
AIM: funka7ron
ICQ: 3922133
Skype: funka7ron
