Thanks for the information.  I will look at

On Aug 11, 9:38 am, Taylor Singletary <>
> One implementation option you have is to build only the portions of OAuth
> that you need to meet your goals. On we provide a feature
> that allows you to retrieve the access token for your own account, owning
> the application. You would then hard code this access token and your API
> keys within your device (with best effort security).
> The migration from basic auth isn't an issue of protecting from
> man-in-the-middle attacks (such that SSL would prevent) but more of an issue
> with applications having access to Twitter usernames and passwords. There
> are many people who use the same passwords across multiple sites, so the
> security risk of supporting basic auth does not stop at Twitter.
> TaylorOn Wed, Aug 11, 2010 at 9:30 AM, ERenken <> wrote:
> > So how can I use OAuth on a hardware device we are creating that
> > doesn't have a UI?  Can I share the key between all the devices?  This
> > is only twittering to 1 account that we have created.  Seems like
> > OAuth is going to make stuff like this harder for people to develope.
> > Seems like it would have just bee easier for security if you would
> > have added HTTPS and left basic auth.  At least for embedded devices
> > so they could send tweets.

Reply via email to