On Tue, Feb 09, 2010 at 04:07:29PM -0800, Dewald Pretorius wrote:
> I don't see how Allow being the default can be a security issue.

Authorizing an app that you don't intend to has the potential to result in significant harm - forged status updates, follow list vandalism, etc. It *is* a security issue. In contrast, accidentally denying an app that you intend to authorize (as would happen in the current setup) merely results in minor inconvenience by requiring you to go back and try again. Unless you happen to be an automated tool which lacks the flexibility to allow the actual user to specify which button you should hit, but I'd say that's evidence that RoboForm is broken, not that there's a problem with Twitter's OAuth form.

> The
> user is specifically sent to that page for the purpose of granting
> access. Only a minuscule number of users will need to click the Deny
> button.

The user is specifically sent to that page because the app wants them to grant access, which does not necessarily mean that the user wishes to do so. Most of us on this list are trivially capable of creating an app that displays a "click here to win $1,000,000 and a pony" link which takes the user to the Twitter OAuth page without giving them any prior indication that Twitter would be involved. In that case, the vast majority of users would (or at least should) click "Deny" because they were sent there under false pretenses.

"Most frequent case" does not imply "secure". If it did, we wouldn't bother with passwords or authentication at all because, hey, it's pretty much only ever me who uses my Twitter account. Only a minuscule number of attempts to update @DaveSherohman's status are made by people other than me.

--
Dave Sherohman