On Wed, Aug 5, 2009 at 3:04 AM, Chris Babcock <cbabc...@kolonelpanic.com>wrote:

> I would strongly recommend OAuth for verifying users, or at least
> making it an option, as there is a DoS attack possible against service
> providers who rely on this API for access to their app.
> Chris Babcock
I'm not sure how OAuth helps, as the problem still exists, even with OAuth
users.  Even with OAuth, it is still 15 requests per user per hour on
verify_credentials.  Of course, you probably don't have to run
verify_credentials as often with OAuth, but the problem still exists, and
there are cases where I can see this could become an issue.


Reply via email to