Loggearte en otro sitio con tu cuenta de Google, Twitter o Facebook no sólo es conveniente sino que además es más segura que crear una nueva cuenta, o ingresar tu contraseña de Google, Twitter o Facebook en un sitio de terceros. Aquí es donde OAuth entra en acción. Veamos cómo funciona y cómo mantiene nuestras contraseñas seguras en sitios de terceros.
But it's all just a giant troll, where the app's creators are silently running targeted searches, downloading your mail, and looking for compromising photos and sensitive documents behind-the-scenes. They could collect the documents for months or years, and then release it all online in an anonymous blast. Lulz!
You'd likely never find out where the data came from, and the perpetrators would never be caught. Hell, if you've Gmail-authed a questionable app, this could be happening to you right now and you'd never know. Whee!
Comentarios
Traducción: http://www.elbauldelprogramador.com/opensource/seguridad/entendiendo-oauth-que-ocurre-cuando-te-loggeas-en-un-sitio-con-google-twitter-o-facebook/
Interesante artículo, aunque:
Google no te dice realmente qué permisos otorgas cuando usas OAuth.
Y eso no es bueno: http://waxy.org/2012/02/the_perpetual_invisible_window_into_your_gmail_inbox/
#2 Me da que pensar esto:
But it's all just a giant troll, where the app's creators are silently running targeted searches, downloading your mail, and looking for compromising photos and sensitive documents behind-the-scenes. They could collect the documents for months or years, and then release it all online in an anonymous blast. Lulz!
You'd likely never find out where the data came from, and the perpetrators would never be caught. Hell, if you've Gmail-authed a questionable app, this could be happening to you right now and you'd never know. Whee!