undefined | Better HN

0 pointsjessaustin13y ago0 comments

This might be difficult to administer. Nobody smart stores users' passwords directly, so it's not like they can list different passwords with their associated permissions on a page. If you go with user-selected "nicknames", then do you require the app to use the nickname too? Or do you just compare with all the hashes on the user's account? Maybe instead the app has to pass a hash of the perms themselves, serialized in some canonical way. How many users can figure this out? I've known DBAs who couldn't figure out analogous situations.

Even so, you're probably right in the long term.

0 comments

cwb7113y ago

Google already requires that you name each ASP and provides a table listing the name, the date it was created, the date it was last used to log in, and a link to revoke it.

They'd just need to add an option to modify those. The OAuth entries on the same page list each's entitlements, though you don't have the option to modify them.

j / k navigate · click thread line to collapse

0 pointsjessaustin13y ago0 comments

Even so, you're probably right in the long term.

0 comments

cwb7113y ago

Google already requires that you name each ASP and provides a table listing the name, the date it was created, the date it was last used to log in, and a link to revoke it.

They'd just need to add an option to modify those. The OAuth entries on the same page list each's entitlements, though you don't have the option to modify them.

j / k navigate · click thread line to collapse