On 2 mar, 14:40, Dougal Matthews <douga...@gmail.com> wrote:
> On 2 March 2010 14:11, hcarvalhoalves <hcarvalhoal...@gmail.com> wrote:
>
> > Sorry, I just saw Twitpic's documentation now [1].
>
> > What I can say, is that their implementation is a joke.
>
> It's not that simple. Twitpic is usually used by 3rd party programs - not
> directly. So for example with Tweetdeck, if they wanted to integrate Twitpic
> I would have to use oauth to allow tweetdeck and then oauth again with
> twitpic and every other service. In other words, a horrible
> user experience - the same would apply to websites.

OT: That's *exactly* why they created the authorization - every 3rd app and website needs to authorize first. Blaming it on UX is not the answer.

What's the point of Twitter having proper HTTPS and not storing plain-text passwords if everyone else is doing it wrong because of broken stuff like Twitpic? Everyone knows that an app integrating with it is required to send unencrypted POSTs with plain passwords, and that a website integrating with it is required to contain thousands of passwords on the database.

Hashing passwords unsalted is useless. Take the formula of weak passwords + rainbow tables and anyone can retrieve a bunch of Twitter credentials in a matter of *minutes*. Ever wondered how the exploits people used some months ago to get thousands of followers worked?

@Chris
If you're doing something bigger than a toy, please, try to figure a better way of integrating that doesn't require you to store usernames *and* passwords (hashed or not doesn't matter, because unsalted is useless). Or poke Twitpic's kid to get a proper implementation so you can do a clean job, and everybody benefits.
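
Added example, not part of the original message or of any project named in the thread: a small audit that shows why the unsalted hashing mentioned above leaks structure, next to a salted form. The account data, the function names, and the choice of SHA-256 and PBKDF2 with 600,000 iterations are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample accounts (not real data); two users share a weak password.
ACCOUNTS = {"alice": "letmein", "bob": "letmein", "carol": "x9!Tq#value"}

PBKDF2_ROUNDS = 600_000  # assumed work factor for this example


def unsalted(password):
    """Unsalted digest: a pure function of the password, identical for every user."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted(password, salt=None):
    """Per-user random salt plus a slow KDF; returns (salt, derived_key)."""
    salt = salt if salt is not None else os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, key


def verify(password, salt, key):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(salted(password, salt)[1], key)


def shared_digests(store):
    """Audit check: groups of users whose stored value is byte-for-byte identical.

    Any non-empty result means one precomputed table entry resolves several
    accounts at once, which is the property a per-user salt removes.
    """
    groups = defaultdict(list)
    for user, value in store.items():
        groups[value].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


def build_stores():
    """Build the same credential table twice: unsalted and salted."""
    weak = {user: unsalted(pw) for user, pw in ACCOUNTS.items()}
    strong = {user: salted(pw) for user, pw in ACCOUNTS.items()}
    return weak, strong


if __name__ == "__main__":
    weak, strong = build_stores()
    print("unsalted, shared digests:", shared_digests(weak))
    print("salted, shared digests:  ", shared_digests(strong))
```

Salting only helps a service verify its own users; it does not apply to a password that has to be replayed to another service, which must be stored recoverably.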