On Jan 18, 7:57 pm, Marc Mims <marc.m...@gmail.com> wrote:
> * John Meyer <john.l.me...@gmail.com> [100118 19:38]:
>
> > But you still control your own keys.  If you find that somebody has
> > compromised your program, you can revoke those consumer keys through
> > twitter and regenerate them.
>
> That isn't reasonable.  If my desktop app has 10,000 users, and one user
> extracts and uses the consumer key pair, regenerating a new pair and
> distributing them is a huge burden on the developer and the 9,999 other
> users.  And that single malicious user will have the new pair extracted
> and in use before you can finish pushing out the update.
>
> Like I said earlier, Twitter needs to revoke access for malicious
> activity per user, not per app.

Yes, but I'm guessing in the stress of an active attack against the
Twitter infrastructure, they'll shut the app down first so they can
breathe and figure out who the malicious users are. And in the case of
botnets, there could be thousands of malicious users. Yet another
reason for building server apps, preferably server apps that will work
on a ChromeOS netbook and iPhone/Apple Tablet/Android browser. Oops -
did I just give away my business strategy? ;-)

--
M. Edward (Ed) Borasky
http://borasky-research.net/smart-at-znmeb

I've never met a happy clam. In fact, most of them were pretty steamed.
