Twitter has announced that it is to shut off all basic access authentication on its API.

The Twitter API team confirmed that by this date, all applications need to switch to using the OAuth open protocol. The process began last week, when basic authentication rate limits were decreased by 15 requests per hour on each weekday, and over the course of the next week basic authentication will be shut off temporarily for ten minutes.

On 31 August, all basic authentication requests will be served with an HTTP 401 error code.

Twitter said that the switch to OAuth will be a good thing for the application developer. Twitter said: “You don't have to worry about exposing the credentials for your users whether through a bug or other means (especially considering that a lot of people use the same password for multiple services); don't have to worry about the user changing their password — a user can change his or her password and the OAuth ‘connection’ to your app will still work.

“You don't have to worry about other applications masquerading as your application - only you can set the byline with your application name; you will eventually have access to more APIs from Twitter that will only be available to ‘trusted’ OAuth-enabled applications; and it gives the Twitter API team more visibility into the network — you help us plan for capacity, and you help us squash spam and you help us identify bugs.”

Chris Wysopal, CTO of Veracode, welcomed this change. He said: “Basic authentication requires client apps to store user names and passwords and vulnerabilities can leak these. All apps should be moving to something like OAuth.”

See original article on scmagazineus.com