Encryption on disk and encryption over the wire are not the issues and
really don't have very much to do with the Basic vs. OAuth decision.

The most important issue I see is that Basic Auth requires you to give
your Twitter credentials to a person you do not know.  This is a BAD

Basic Auth is great for prototyping and testing and getting the core
functionality of your app working, but at some point you should bite
the bullet and implement OAuth.  It's better for your customers
(security) and it's better for you because your customers can use your
application with peace of mind.

If YOU wouldn't hand over YOUR Twitter credentials to a stranger, it's
silly to expect your users to do so.

On Jul 30, 11:40 am, "Bradley S. O'Hearne" <>

> In conclusion, as I've been reading this thread, the thing I keep  
> coming back to is that OAuth vs. Basic Auth seems somewhat a secondary  
> argument -- the real issue is encrypting over the wire (HTTPS) and  
> encryption on disk, and whether those can be cracked (or are being  
> used as they should). From a developer standpoint, given that the  
> cracking of encryption seems outside the scope of concerns with the  
> Twitter API, what is analog is which one serves the user better -- and  
> I think it is clear that the Basic Auth case has fewer steps and  
> quicker to the result.
> Please correct my misperceptions if I'm wrong, as I'd love to hear  
> what details I've overlooked.
> Regards,
> Brad
> On Jul 30, 2009, at 1:29 AM, Dmitriy V'jukov wrote:
> > On Jul 28, 3:27 pm, chinaski007 <> wrote:
> >> I suppose this is not so weird.  Users are accustomed to giving user/
> >> pass information even to "foreign" apps.
> > Agree. Anyway, if user just setups desktop app to his computer, he
> > already gives it much more than just login/password to some service.
> > And then there is 1000 and 1 way how app can then get all needed info
> > passing over user.
> > --
> > Dmitriy V'jukov
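
The difference argued at the top of this message, as an added example that is not part of the original thread: with Basic Auth the app holds a header from which the password is recovered directly, while an OAuth 1.0a (HMAC-SHA1) request carries only a token and a signature. All credentials, the URL and the function names are constructed for illustration.

```python
import base64, hashlib, hmac
from urllib.parse import quote

# Constructed sample values, not real credentials.
USERNAME, PASSWORD = "alice", "correct-horse"
CONSUMER_KEY, CONSUMER_SECRET = "app-key", "app-secret"
TOKEN, TOKEN_SECRET = "user-token", "user-token-secret"


def basic_header(username, password):
    """What a Basic Auth client sends: base64 of 'user:password'."""
    raw = f"{username}:{password}".encode()
    return "Basic " + base64.b64encode(raw).decode()


def recover_password(header):
    """Anyone holding the header (the app, its logs, its backups) can do this."""
    raw = base64.b64decode(header.split(" ", 1)[1]).decode()
    return raw.split(":", 1)[1]


def pct(s):
    """RFC 3986 percent-encoding as OAuth 1.0a requires."""
    return quote(s, safe="-._~")


def oauth_header(method, url, params, nonce, timestamp):
    """OAuth 1.0a HMAC-SHA1 Authorization header for one request."""
    oauth = {
        "oauth_consumer_key": CONSUMER_KEY,
        "oauth_nonce": nonce,
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": timestamp,
        "oauth_token": TOKEN,
        "oauth_version": "1.0",
    }
    # Signature base string: METHOD & encoded URL & encoded sorted parameters.
    pairs = sorted((pct(k), pct(v)) for k, v in {**params, **oauth}.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    base = "&".join([method.upper(), pct(url), pct(normalized)])
    # The secrets key the HMAC; they never appear in the request itself.
    key = f"{pct(CONSUMER_SECRET)}&{pct(TOKEN_SECRET)}".encode()
    digest = hmac.new(key, base.encode(), hashlib.sha1).digest()
    oauth["oauth_signature"] = base64.b64encode(digest).decode()
    return "OAuth " + ", ".join(f'{k}="{pct(v)}"' for k, v in sorted(oauth.items()))
```

The app in the OAuth case never sees the account password, and the token it does hold can be revoked without changing that password.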
