20
Twitter Authentication and SSL cURL
The purpose of this chapter is to introduce code that safely and securely retrieves and
displays data from the Twitter service. There are two aspects to this process. One is the
more obvious treatment of untrusted data, even when it comes from a trusted source.
The second is to securely call the service. This is a commonly forgotten procedure, and
its omission is called a security downgrade. This idea was addressed in AJAX Security
(Hoffman and Sullivan 2007). It recognizes the fact that while a user may
securely log in, subsequent data requests are fetched insecurely using either clear text
calls or non-verified encrypted calls, which compromises security, trust, and data
integrity. A user has the reasonable ...
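
The two downgrade forms named above, clear text calls and non-verified encrypted calls, can be checked for mechanically in curl command lines. The following is an added example, not code from the book; the function name, the output labels and the example.test URLs are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the book): classify a curl command line by the
# two security-downgrade forms: clear text calls and encrypted calls whose
# certificate verification is switched off.
# Usage: classify_curl_call <curl arguments, without the leading "curl">
# Prints one of: cleartext, unverified, ok  (labels are hypothetical)
classify_curl_call() {
    cleartext=0
    unverified=0
    for arg in "$@"; do
        # URL schemes are case-insensitive, so compare a lower-cased copy.
        lower=$(printf '%s' "$arg" | tr '[:upper:]' '[:lower:]')
        case "$lower" in
            http://*) cleartext=1 ;;
        esac
        # Option names are case-sensitive: -k disables verification,
        # while -K only names a config file.
        case "$arg" in
            --insecure|-k) unverified=1 ;;
            --*) ;;                  # any other long option
            -*k*) unverified=1 ;;    # bundled short flags such as -sk;
                                     # errs toward flagging (e.g. -ok)
        esac
    done
    if [ "$cleartext" -eq 1 ]; then
        echo "cleartext"
    elif [ "$unverified" -eq 1 ]; then
        echo "unverified"
    else
        echo "ok"
    fi
    return 0
}

# Constructed sample invocations (example.test is a placeholder host).
classify_curl_call -s https://api.example.test/timeline.json
classify_curl_call -s http://api.example.test/timeline.json
classify_curl_call -sk https://api.example.test/timeline.json
```

The check does not catch URLs given without a scheme, which curl treats as HTTP by default, so those still need manual review.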