On Tue, Feb 09, 2010 at 04:07:29PM -0800, Dewald Pretorius wrote:
> I don't see how Allow being the default can be a security issue.

Authorizing an app that you don't intend to has the potential to result
in significant harm - forged status updates, follow list vandalism, etc.
It *is* a security issue.

In contrast, accidentally denying an app that you intend to authorize
(as would happen in the current setup) merely results in minor
inconvenience by requiring you to go back and try again.  Unless you
happen to be an automated tool which lacks the flexibility to allow the
actual user to specify which button you should hit, but I'd say that's
evidence that RoboForm is broken, not that there's a problem with
Twitter's oAuth form.

> The
> user is specifically sent to that page for the purpose of granting
> access. Only a minuscule number of users will need to click the Deny
> button.

The user is specifically sent to that page because the app wants them to
grant access, which does not necessarily mean that the user wishes to do
so.  Most of us on this list are trivially capable of creating an app
that displays a "click here to win $1,000,000 and a pony" link which
takes the user to the Twitter oAuth page without giving them any prior
indication that Twitter would be involved.  In that case, the vast
majority of users would (or at least should) click "Deny" because they
were sent there under false pretenses.

"Most frequent case" does not imply "secure".  If it did, we wouldn't
bother with passwords or authentication at all because, hey, it's pretty
much only ever me who uses my Twitter account.  Only a miniscule number
of attempts to update @DaveSherohman's status are made by people other
than me.

Dave Sherohman

Reply via email to