On Wed, Jul 14, 2010 at 11:58 AM, William Mills <wmi...@yahoo-inc.com> wrote:
> If I can see things go by on the fly I can submit the token late and
> mess with the user by revoking their session.

Meh. If the best the attacker can do in those circumstances is DOS, we're in good shape. Bear in mind that if we do nothing, the attacker can probably get the user's data.

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth