Re: Storing API Passwords

2010-03-02 Thread Eric Chamberlain
On Mar 1, 2010, at 2:56 PM, Chris wrote:
> Hello,
>
> When working with photo APIs such as twitpic, what is the best way of
> storing the password?
> Since the password needs to be sent in its natural form, hashing is
> not an option. I recently heard that a company was held
> accountable

Re: Storing API Passwords

2010-03-02 Thread hcarvalhoalves
On 2 mar, 14:40, Dougal Matthews wrote:
> On 2 March 2010 14:11, hcarvalhoalves wrote:
>
> > Sorry, I just saw Twitpic's documentation now [1].
>
> > What I can say, is that their implementation is a joke.
>
> It's not that simple. Twitpic is usually used by 3rd party programs - not
> directly. S

Re: Storing API Passwords

2010-03-02 Thread Dougal Matthews
On 2 March 2010 14:11, hcarvalhoalves wrote:
> Sorry, I just saw Twitpic's documentation now [1].
>
> What I can say, is that their implementation is a joke.
>
It's not that simple. Twitpic is usually used by 3rd party programs - not directly. So for example with Tweetdeck, if they wanted to int

Re: Storing API Passwords

2010-03-02 Thread hcarvalhoalves
Sorry, I just saw Twitpic's documentation now [1]. What I can say, is that their implementation is a joke. Twitter is already supporting 3rd party apps authorization the proper way, there's no reason for Twitpic to ask users' passwords. While their implementation is wrong and they need to fix it,

Re: Storing API Passwords

2010-03-02 Thread hcarvalhoalves
If I'm not wrong, you *should not* be storing the user's password on your database. All you need to store is the API key, and it's useless if stolen because most webservices generate the key to match your host/domain. The process to get an API key is, generally, 1-2-3, so you just pass around req

Storing API Passwords

2010-03-01 Thread Chris
Hello, When working with photo APIs such as twitpic, what is the best way of storing the password? Since the password needs to be sent in its natural form, hashing is not an option. I recently heard that a company was held accountable (sued) for not encrypting their users' API passwords and