Currently all Twitter passwords stored in the Drupal database are stored as plain text. I'm not a security expert by any means, but this doesn't seem sensible to me. Is it? If not, any chance they could be encrypted in some way?

Comments

michaelverdi’s picture

Priority: Normal » Critical

Is there any way to do away with storing Twitter passwords completely? I'm not a developer, but I'd love to see this module do that thing where you have to log into Twitter and authorize it. Is that possible? I have to delete this module because users don't want to give out their Twitter passwords.

abraham’s picture

Status: Active » Closed (works as designed)

Version 3.x has OAuth support. Hopefully that will be stable soon.

For password authentication you have to store the passwords in plain text or a reversible encryption. Storing passwords in encrypted form will only give the illusion of security.
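
The trade-off described in the comment above, as an added PHP example that is not part of the original thread and not code from the Twitter module. The function names, the sample credentials and the key handling are assumptions made for illustration; it requires PHP 7.1+ with ext-openssl.

```php
<?php
// Added illustration. All names and values here are hypothetical/constructed.
$user = 'example_user';
$password = 'constructed-sample-password';

// Password (HTTP Basic) authentication: the client must send the password itself.
function basic_auth_header(string $user, string $password): string {
  return 'Authorization: Basic ' . base64_encode($user . ':' . $password);
}

// Option 1: one-way hash. It can confirm a password that someone presents,
// but nothing turns $hash back into $password, so the header above cannot
// be built from the stored value alone.
$hash = password_hash($password, PASSWORD_DEFAULT);
$matches = password_verify($password, $hash);

// Option 2: reversible encryption (AES-256-GCM). Stored as base64(iv|tag|ct).
function encrypt_secret(string $plain, string $key): string {
  $iv = random_bytes(12);
  $ct = openssl_encrypt($plain, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
  return base64_encode($iv . $tag . $ct);
}

function decrypt_secret(string $stored, string $key): string {
  $raw = base64_decode($stored, true);
  if ($raw === false || strlen($raw) < 28) {
    throw new RuntimeException('Stored value is malformed.');
  }
  $plain = openssl_decrypt(substr($raw, 28), 'aes-256-gcm', $key,
    OPENSSL_RAW_DATA, substr($raw, 0, 12), substr($raw, 12, 16));
  if ($plain === false) {
    throw new RuntimeException('Decryption failed: wrong key or modified data.');
  }
  return $plain;
}

// Assumption: the key is kept outside the database (for example in a file
// only the web server user can read). The site must still be able to read
// it, because it has to decrypt before every request to the remote service.
$key = random_bytes(32);
$stored = encrypt_secret($password, $key);

// The database column now holds ciphertext, yet the site recovers the
// plain password whenever it needs to authenticate on the user's behalf.
echo basic_auth_header($user, decrypt_secret($stored, $key)), "\n";
```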