Nothing new, this has been argued about/discussed before. Life is a
series of trade-offs ...

∞ Andy Badera
∞ +1 518-641-1280 Google Voice
∞ This email is: [ ] bloggable [x] ask first [ ] private
∞ Google me: http://www.google.com/search?q=andrew%20badera



On Thu, Dec 10, 2009 at 9:09 PM, Dewald Pretorius <dpr...@gmail.com> wrote:
> OAuth poses a very real risk for any downloadable application. Think
> TweetDeck. Think Tweetie. Etc.
>
> I'm not an expert at OAuth, but if my understanding is correct, then
> an application will either have to include its Consumer Key Secret in
> its compiled code (which most will probably do), or dynamically
> request it from its host server (which breaks offline usage).
>
> Now, will there be hackers and scammers that will decompile
> TweetDeck's code to get their grubby hands on its Consumer Key Secret?
> You bet your bottom dollar there will be. Many.
>
> Once they have that, they can spam the living shits out of Twitter,
> and there is nothing, NOTHING, Twitter can do to stop it.
>
> TweetDeck cannot request or generate a new Consumer Key Secret,
> because that breaks all its currently installed apps.
>
> Twitter cannot block by app because they will disable all legitimate
> TweetDeck users. And they cannot block by IP address, if the scammers
> are clever in their use of proxies.
>
> Just a thought...
>
> Dewald
>
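Added example, not part of either message above: a minimal OAuth 1.0a HMAC-SHA1 signer and provider-side check (RFC 5849 signature construction) showing the trade-off under discussion. The provider's check passes for any program that holds the consumer secret, and rotating the secret rejects already-installed copies. The URL, key, secrets, token and the `demo` helper are constructed for illustration.

```python
import base64, hashlib, hmac
from urllib.parse import quote

# Constructed values for illustration only.
KEY, SECRET_V1, SECRET_V2 = "example-desktop-app", "constructed-secret-v1", "constructed-secret-v2"
TOKEN, TOKEN_SECRET = "constructed-user-token", "constructed-token-secret"
URL = "https://api.example.com/1/statuses/update.json"

def _enc(value):
    # RFC 5849 percent-encoding: only unreserved characters stay literal.
    return quote(str(value), safe="-._~")

def signature(method, url, params, consumer_secret, token_secret=""):
    """OAuth 1.0a HMAC-SHA1 signature over the signature base string."""
    pairs = sorted((_enc(k), _enc(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    base = "&".join([method.upper(), _enc(url), _enc(normalized)])
    key = f"{_enc(consumer_secret)}&{_enc(token_secret)}"
    mac = hmac.new(key.encode(), base.encode(), hashlib.sha1).digest()
    return base64.b64encode(mac).decode()

def server_accepts(method, url, params, sig, registered_secret, token_secret=""):
    """Provider side: recompute with the registered secret, compare in constant time."""
    expected = signature(method, url, params, registered_secret, token_secret)
    return hmac.compare_digest(expected, sig)

def _request(status, nonce):
    return {"oauth_consumer_key": KEY, "oauth_nonce": nonce,
            "oauth_signature_method": "HMAC-SHA1", "oauth_timestamp": "1260497340",
            "oauth_token": TOKEN, "oauth_version": "1.0", "status": status}

def demo():
    shipped = _request("sent by the shipped build", "nonce-1")
    other = _request("sent by a different program", "nonce-2")
    sig_shipped = signature("POST", URL, shipped, SECRET_V1, TOKEN_SECRET)
    # Any software holding the same secret produces an equally valid signature:
    # the check identifies the key that signed, not the program that used it.
    sig_other = signature("POST", URL, other, SECRET_V1, TOKEN_SECRET)
    return {
        "shipped_build": server_accepts("POST", URL, shipped, sig_shipped, SECRET_V1, TOKEN_SECRET),
        "other_program": server_accepts("POST", URL, other, sig_other, SECRET_V1, TOKEN_SECRET),
        # After the provider registers a new secret, installed copies still sign with v1.
        "shipped_after_rotation": server_accepts("POST", URL, shipped, sig_shipped, SECRET_V2, TOKEN_SECRET),
    }

if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```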
