by cgart
5157 days ago
Going through the comments posted here, I wonder why nobody actually says an obvious thing out loud: "Why in the hell does Twitter use non-obfuscated passwords?" I think one of the rules of thumb, when creating a web service with credentials, is to store the password in the database in such a way that it cannot be retrieved. I mean, you usually obfuscate it with some salt and then hash it afterwards. Assuming Twitter does this kind of obfuscation, then all the passwords couldn't be retrieved from Twitter directly and hence no blame on Twitter's side. Assuming Twitter does not obfuscate the password, why then is nobody mentioning this? In such a case Twitter made a beginner's failure and this should be somehow pointed out, I think. I just remember the case of one dating site, which did that, and it was more or less lynched for this by the community.