Bookmarks for April 24, 2009 (1 item)

  • OAuth: 2009.1 OAuth Security Advisory

    OAuth Security Advisory: 2009.1 23-April-2009 A session fixation attack against the OAuth Request Token approval flow (OAuth Core 1.0 Section 6) has been discovered. Impact All standards-compliant implementations of the OAuth Core 1.0 protocol that use the OAuth authorization flow (also known as ‘3-legged OAuth’) are affected. Details The attack starts with the attacker visiting the (honest) Consu

    mumincacao 2009/04/24
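    So if you reuse the approval token and get someone else to approve it, you can do whatever you like with that token... is that it? Unless the spec allows the token to be regenerated when login completes, this might be impossible to avoid...〆(・x・; [mikan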