On Sat, Nov 7, 2009 at 9:46 PM, Cameron Kaiser <spec...@floodgap.com> wrote:

> > By credentials, I meant the OAuth tokens, consumer keys, etc.
> >
> > Wouldn't they be visible to the browser/desktop-client? And hence,
> couldn't
> > they be copied and reused by somebody so determined?
> Not necessarily the tokens, but the consumer keys could be extracted. This
> is
> an acknowledged failing of OAuth, and has been discussed quite a bit here
> before (search the archives).

All I want to know is:
Does Twitter have any policies against use of OAuth in these circumstances?

PS. Sorry if this is a repeat question. I searched the archives. There are
6800 results for "oauth" and 800 results for "oauth security". 700 results
for "oauth browser". Just couldn't wade through all of them.

Harshad RJ

Reply via email to