Comments on: xAuth/OAuth checked into master http://getbuzzbird.com/bb/2010/05/xauthoauth-checked-into-master/ The Awesome Open Source Twitter Client Sun, 18 Mar 2012 14:15:54 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Antonio http://getbuzzbird.com/bb/2010/05/xauthoauth-checked-into-master/comment-page-1/#comment-584 Antonio Wed, 16 Mar 2011 17:37:28 +0000 http://getbuzzbird.com/bb/?p=193#comment-584 I could even agree with most of your OAuth criticism, but it's a golden standard compared to asking people for their passwords like Buzzbird and many other apps do. If you share your passwords with anything, machine or human, then you don't understand basic security or are looking forward to identity theft. http://adactio.com/journal/1357/ I could even agree with most of your OAuth criticism, but it’s a golden standard compared to asking people for their passwords like Buzzbird and many other apps do. If you share your passwords with anything, machine or human, then you don’t understand basic security or are looking forward to identity theft.

http://adactio.com/journal/1357/

]]> By: Mike http://getbuzzbird.com/bb/2010/05/xauthoauth-checked-into-master/comment-page-1/#comment-204 Mike Sat, 19 Jun 2010 01:40:06 +0000 http://getbuzzbird.com/bb/?p=193#comment-204 Yep. I'm contemplating advertising my key in the title of a blog post just to make a point of how asinine OAuth is. I'll probably remove it from git (I think Twitter requires that now), but Buzzbird is distributed as a pile of plaintext scripts. It's the furthest thing from "secret." Anyone can find it with almost no effort. Gah.Whatevs. Yep. I’m contemplating advertising my key in the title of a blog post just to make a point of how asinine OAuth is. I’ll probably remove it from git (I think Twitter requires that now), but Buzzbird is distributed as a pile of plaintext scripts. It’s the furthest thing from “secret.” Anyone can find it with almost no effort.

Gah.Whatevs.

]]> By: Chris http://getbuzzbird.com/bb/2010/05/xauthoauth-checked-into-master/comment-page-1/#comment-203 Chris Fri, 18 Jun 2010 21:36:41 +0000 http://getbuzzbird.com/bb/?p=193#comment-203 Oh look, I went to git-hub, and looked at your source code for Buzzbird and found a consumerKey and consumerSecret. Oh joy, now I can spoof buzzbird... More like the Oauthflawpocalypse... Oauth is stupid, flawed, open source desktop app unfriendly ahHhhHHHHhHhhHHhHh!!!!!!!!!!*untold violence* Just been working on my own open source twitter client, using python + pyqt4, and I've been ignoring oAuth for several months. The deadline for basic death appears, and now I face the security flaw brick wall, and than deadline is pushed back, but still, it's still a serious problem that needs to be resolved before August >_< Oh look, I went to git-hub, and looked at your source code for Buzzbird and found a consumerKey and consumerSecret. Oh joy, now I can spoof buzzbird…

More like the Oauthflawpocalypse…

Oauth is stupid, flawed, open source desktop app unfriendly ahHhhHHHHhHhhHHhHh!!!!!!!!!!*untold violence*

Just been working on my own open source twitter client, using python + pyqt4, and I’ve been ignoring oAuth for several months. The deadline for basic death appears, and now I face the security flaw brick wall, and than deadline is pushed back, but still, it’s still a serious problem that needs to be resolved before August >_<

]]>