There is no way to prevent basic auth apps (web or desktop) from taking over
your account or performing username/password changes. They have your
username and password and can just log into the web interface.
Little androids dreaming of Nexus Ones compiled this text.
On Apr 26, 2010 10:56 PM, "Ron B" <rbther...@gmail.com> wrote:
Unless I'm wrong (it happens), I believe you can do everything the API
offers with OAuth that you can currently do with basic auth. But even
if that isn't true, preventing basic auth from allowing username/
password changes is a much more direct solution (and easier) than
forcing an OAuth implementation to solve that issue.
Anytime you enter your credentials, regardless of where, you open
yourself to being snooped. I believe that is far less likely when
communicating with YOUR app on YOUR computer, than it is via a browser
over the open Internet to a 3rd party that may or may not be who you
think it is...
On Apr 26, 7:49 pm, philip crawford <philipha...@gmail.com> wrote:
> With a users twitter password,...
> On Mon, Apr 26, 2010 at 7:43 PM, Ron B <rbther...@gmail.com> wrote:
> > Where end-user credentials...
> An Experiment in Local Professional Networkinghttp://