What you say is true about all desktop applications that connect to an internet resource using some form of authentication. I don't see why somebody would expect a Twitter client to be any different.
Ryan Sent from my DROID On Jan 18, 2010 10:16 PM, "M. Edward (Ed) Borasky" <zzn...@gmail.com> wrote: I'm trying to define a minimum viable product that I can *sell*. Nothing I've seen in this thread so far has convinced me that a desktop application accessing Twitter is viable, with or without oAuth. "Without oAuth" isn't viable because it's deprecated by Twitter, and "with oAuth" isn't viable because it's *easy* to compromise. Sure, a server *can* be compromised, but it's a lot harder. On a server, I can control the choice of the entire stack - hardware, OS, application framework, DBMS, etc. I may not be able to prevent a DOS attack, but I can keep that away from Twitter - I can't control how users interact with Twitter using a compromised desktop app. There must be some other developers on this list - does *anybody* who develops Twitter apps for a living want to chime in and tell me I'm full of hot air here - that there *is* a way to develop and deploy a viable secure desktop Twitter app? > You guys are all freaking out about this when this is how the internet > works. Just look at emai... This is how the Internet works *now* - with 90 percent of the desktops running Windows, many of those not up to date on Windows Updates or virus scanner code and virus definitions, botnets controlling millions of PCs, the government of China exploiting holes in IE 6, bloggers calling openly for iPhone users to mount a DDOS against AT&T, GMail peeking at the content of my emails to suggest commercial products that I might happen to consider competitors, and Facebook selling your private data to scammers and spammers. There may be a thousand and one ways to get hurt on the Internet, but I'm not interested in deploying the 1002nd. That could all change with ChromeOS netbooks. I can dream. ;-) -- M. Edward (Ed) Borasky http://borasky-research.net/smart-at-znmeb "A mathematician is a device ...