On 4/27/2010 4:38 PM, Taylor Singletary wrote:
The twitter screen name is less of a concern, yes John. But a Twitter
username can take an email address also, which isn't information
otherwise provided by the API and is personally identifiable and
especially dangerous when stored in conjunction with a password. A
screen name, in context with data we return to you falls under our
rather liberal caching policies -- you get the screen name along with
the user id as a response to a valid access token request.

but you're more concerned with the two being stored in such a manner (i.e. together) that a person could use that information to access a Twitter account outside of the oAuth? and as far as the e-mail is concerned, a lot of sites also register their users through e-mail addresses on their own.

Reply via email to