Is the HTTP request made in section 6.3.2 of 1.0a suseptible to a man- in-the-middle attack if not made thru HTTPS? If so, what security measures are in place to prevent some other entity from sniffing The 'token' and 'secret' and using it? Thank you.
--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to oauth@googlegroups.com To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
