On Wed, Aug 5, 2009 at 3:04 AM, Chris Babcock <cbabc...@kolonelpanic.com>wrote:
> > I would strongly recommend OAuth for verifying users, or at least > making it an option, as there is a DoS attack possible against service > providers who rely on this API for access to their app. > > Chris Babcock > > I'm not sure how OAuth helps, as the problem still exists, even with OAuth users. Even with OAuth, it is still 15 requests per user per hour on verify_credentials. Of course, you probably don't have to run verify_credentials as often with OAuth, but the problem still exists, and there are cases where I can see this could become an issue. Jesse
