Hi Dick,
My previous emails do not even obliquely refer to security by obscurity. It
is about design patterns and excessive information disclosure.
Regards
Jaimandeep Singh
On Sat, 26 Aug, 2023, 8:27 pm Dick Hardt wrote:
> Jaimandeep: Do I understand your objection to adoption is that providi
The security reason for exclusion of error codes and other information is
that the data helps the attacker subvert the app. I continue my attempt to
avoid helping the attacker.
thx ..Tom (mobile)
On Sat, Aug 26, 2023, 7:58 AM Dick Hardt wrote:
> Jaimandeep: Do I understand your objection to ado
Jaimandeep: Do I understand your objection to adoption is that providing a
resource discovery endpoint increases the attack surface as an
attacker gains knowledge about the resource?
If I understand that correctly, then you are suggesting security through
obscurity.
As mentioned by Aaron, there i
Right Philippe - there really is no way to create a secure client as a web
app. You would need access to the trusted execution environment, which is
not available.
..tom
On Sat, Aug 26, 2023 at 5:21 AM Philippe De Ryck <
phili...@pragmaticwebsecurity.com> wrote:
> My responses inline.
>
>
> H
My responses inline.
> Hi everyone,
>
> The document is about "OAuth 2.0 for Browser-Based Apps". Its abstract
> further explains that it "details the security considerations and best
> practices that must be taken into account when developing browser-based
> applications that use OAuth 2.0."