最佳实践 - 是否存储 Twitter 凭据?

发布于 2024-07-20 04:59:50 字数 318 浏览 12 评论 0原文

我希望能够让我的用户能够在我的网站上的个人资料中显示他们最近的推文。

我有一个 PHP twitter 包装器并了解如何进行 API 调用等,但我只是想知道如何管理用户信息。

这里的最佳做法是什么?我希望他们能够输入一次凭据,但我想自己存储每个人的用户名/密码并不是最好的方法。

  • 有没有办法拨打一次经过身份验证的电话,然后让 Twitter 记住它?
  • 我应该存储用户名/密码,然后在显示推文时拨打电话吗?

这里的任何建议都会很棒。

谢谢你,

I'd like to be able to give my users the ability to display their recent tweets on their profile on my website.

I have a PHP twitter wrapper and understand how to make API calls etc, but I'm just wondering how to manage the user information.

What is the best practice here? I want them to be able to enter their credentials once, but I would imagine storing everyones username/password myself isn't the best way to go about it.

  • Is there a way to make an authenticated call once, and have twitter remember it?
  • Should I store the usernames/passwords and then just make a call when displaying the tweets?

Any advice here would be great.

Thank you,

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(4

秋心╮凉 2024-07-27 04:59:50

使用 OAuth,无需询问用户密码:

http://apiwiki.twitter.com/Authentication

我认为每个人都会/应该同意存储 Twitter 用户名/密码是不好的,我不敢相信他们曾经创造过你需要它的情况。

Use OAuth, no need to ask users for their passwords:

http://apiwiki.twitter.com/Authentication

I think everyone would/should probably agree that storing the twitter usernames/passwords is bad, I can't believe they ever created a situation where you needed it.

甜心 2024-07-27 04:59:50

您不应该永远存储任何类型的未加密凭据。 如果您的解决方案涉及保留明文密码,即使是很短的时间,您也需要重新设计一些东西。

绝对的最佳实践是您自己不保留任何信息 - 使用 cookie 或 OAuth 来处理您的身份验证。 用户可以随意禁用会话令牌或 cookie,从而使他们能够控制您网站的行为。

下一个最好的事情(尽管仍然非常不可取)是保存不可逆的加密凭据,以便在您需要显示推文时重新发送到 Twitter。

You should never store unencrypted credentials of any kind. If your solution involves holding onto a plaintext password, even for a brief time, you need to rework something.

Absolute best practice would be to hold no information yourself - use cookies or OAuth to handle your authentication. A session token or cookie can be disabled by the user at will, giving them control over the behavior of your site.

Next best thing (although still pretty undesirable) would be to hold non-reversibly encrypted credentials to resend to Twitter whenever you need to display tweets.

別甾虛僞 2024-07-27 04:59:50

您不需要他们的密码来提取他们的最新推文,除非他们的个人资料被锁定,只需从 http 提取提要://twitter.com/statuses/user_timeline/用户名.rss

您应该查看 Twitter 的 OAUTH 支持(尽管他们有

You don't need their passwords to pull their latest tweets, unless their profiles are locked, simply pull the feed from http://twitter.com/statuses/user_timeline/username.rss

You should look at Twitter's OAUTH support (although they have disabled it). This enables you to prompt the users once, and then store a response from twitter which will allow you to post

七禾 2024-07-27 04:59:50

无论如何,您希望在网站上发布的推文通常都是公开的。

如果您确实需要代表用户在某处进行身份验证(也许允许用户发送推文),则最佳实践是在您最初进行身份验证时提示用户,然后然后存储资源返回的任何身份验证令牌,而不是用于获取它的凭据。

Tweets that you would want up on your web site are generally public anyway.

If you did need to authenticate somewhere (perhaps allow users to send new tweets) on a user's behalf, the best practice is to prompt the user at the time you initially authenticate and then store whatever authentication token is returned by the resource rather than the credentials used to get it.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文