Comment 4 for bug 782690

mlissner (mlissner-michaeljaylissner) wrote :

> That said, there's no indication that ClientLogin is any less secure than OAuth. ClientLogin is just old.

False. The whole point of OAuth is that users don't have to trust random software. I'm new to Shotwell, and it's asking me for my Gmail password. How do I know (how could I ever know outside of reading the codebase) that you aren't trying to get into my email? Doing so would allow you:

1. Access to my money through PayPal and online banking
2. The ability to hack my servers (through poking around through logs and such)
3. To steal my identity
4. Basically to ruin my life for a while.

On top of this, when apps innocently ask users for their password, it teaches users bad behaviors, since they become accustomed to giving out their password to random applications. Not a good situation.

Email requires *incredibly* high levels of security, and Shotwell should *never* ask for a user's password to it.