There is no way to prevent basic auth apps (web or desktop) from taking over
your account or performing username/password changes. They have your
username and password and can just log into the web interface.

Little androids dreaming of Nexus Ones compiled this text.

On Apr 26, 2010 10:56 PM, "Ron B" <> wrote:

Unless I'm wrong (it happens), I believe you can do everything the API
offers with OAuth that you can currently do with basic auth.  But even
if that isn't true, preventing basic auth from allowing username/
password changes is a much more direct solution (and easier) than
forcing an OAuth implementation to solve that issue.

Anytime you enter your credentials, regardless of where, you open
yourself to being snooped.  I believe that is far less likely when
communicating with YOUR app on YOUR computer, than it is via a browser
over the open Internet to a 3rd party that may or may not be who you
think it is...

On Apr 26, 7:49 pm, philip crawford <> wrote:
> With a users twitter password,...

> On Mon, Apr 26, 2010 at 7:43 PM, Ron B <> wrote:
> > Where end-user credentials...
> An Experiment in Local Professional Networkinghttp://

Subscription settings:

Reply via email to