Best practices - store Twitter credentials or not?

故里飘歌 2020-12-19 20:55

I'd like to be able to give my users the ability to display their recent tweets on their profile on my website.

I have a PHP twitter wrapper and understand how to m

4 answers
  •  北荒 (original poster)
    2020-12-19 21:33

    You should never store unencrypted credentials of any kind. If your solution involves holding onto a plaintext password, even for a brief time, you need to rework something.

    Absolute best practice would be to hold no information yourself - use cookies or OAuth to handle your authentication. A session token or cookie can be disabled by the user at will, giving them control over the behavior of your site.

    Next best thing (although still pretty undesirable) would be to hold non-reversibly encrypted credentials to resend to Twitter whenever you need to display tweets.
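
One way to apply the OAuth advice above while keeping nothing in plaintext is to store only the revocable access token, sealed with authenticated encryption. This is an added example, not code from the original thread. The function names `seal_token` and `open_token` and the sample token are hypothetical, and it assumes PHP 7.2+ with the bundled sodium extension.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: encrypt an OAuth access token before writing it to the database.
function seal_token(string $token, string $key): string
{
    // A fresh random nonce per record; it is not secret and is stored with the ciphertext.
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    return base64_encode($nonce . sodium_crypto_secretbox($token, $nonce, $key));
}

// Hypothetical helper: returns the token, or null if the record is malformed,
// was modified, or was sealed under a different key.
function open_token(string $stored, string $key): ?string
{
    $raw = base64_decode($stored, true);
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($raw === false || strlen($raw) < $min) {
        return null;
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box   = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open($box, $nonce, $key);
    return $plain === false ? null : $plain;
}

// Constructed sample values. In a real deployment the key comes from a secret
// store or environment variable, never from the same database as the tokens.
$key         = sodium_crypto_secretbox_keygen();
$accessToken = 'constructed-sample-oauth-access-token';

$row = seal_token($accessToken, $key);       // value to store in the user's row
var_dump(open_token($row, $key) === $accessToken);

// Flip one bit of the stored record: the authentication tag no longer verifies.
$raw = base64_decode($row, true);
$raw[strlen($raw) - 1] = chr(ord($raw[strlen($raw) - 1]) ^ 1);
var_dump(open_token(base64_encode($raw), $key));

// A record sealed under one key cannot be opened with another.
var_dump(open_token($row, sodium_crypto_secretbox_keygen()));
```

The user's Twitter password never reaches the site in this flow, and the user can revoke the stored token from their Twitter account settings at any time.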
