Re: [OAUTH-WG] Authorization Code Leakage feedback (Yaron Goland)

2011-08-18 Thread Eran Hammer-Lahav
. Why not authorization code phishing? regards, Torsten. From: Eran Hammer-Lahav [mailto:e...@hueniverse.com] Sent: Wednesday, 17 August 2011 08:39 To: OAuth WG Subject: [OAUTH-WG] Authorization Code Leakage feedback (Yaron Goland) 10.6. Authorization Code

Re: [OAUTH-WG] Authorization Code Leakage feedback (Yaron Goland)

2011-08-18 Thread Lodderstedt, Torsten
] Authorization Code Leakage feedback (Yaron Goland) 10.6. Authorization Code Leakage: Comment I fancy myself as being reasonably intelligent and I'm unclear what attack is actually being described here. Yeah... I had to go back to -16 to be reminded of the section's original title 'session fixation

Re: [OAUTH-WG] Authorization Code Leakage feedback (Yaron Goland)

2011-08-18 Thread Eran Hammer-Lahav
not authorization code phishing? regards, Torsten. From: Eran Hammer-Lahav [mailto:e...@hueniverse.com] Sent: Wednesday, 17 August 2011 08:39 To: OAuth WG Subject: [OAUTH-WG] Authorization Code Leakage feedback (Yaron Goland) 10.6. Authorization Code Leakage

Re: [OAUTH-WG] Authorization Code Leakage feedback (Yaron Goland)

2011-08-18 Thread Lodderstedt, Torsten
:[mailto:e...@hueniverse.com] Sent: Wednesday, 17 August 2011 08:39 To: OAuth WG Subject: [OAUTH-WG] Authorization Code Leakage feedback (Yaron Goland) 10.6. Authorization Code Leakage: Comment I fancy myself as being reasonably intelligent and I'm unclear what attack is actually being described

[OAUTH-WG] Authorization Code Leakage feedback (Yaron Goland)

2011-08-17 Thread Eran Hammer-Lahav
10.6. Authorization Code Leakage: Comment I fancy myself as being reasonably intelligent and I'm unclear what attack is actually being described here. Yeah... I had to go back to -16 to be reminded of the section's original title 'session fixation attack' to figure out what this was about.

Re: [OAUTH-WG] Authorization Code Leakage feedback (Yaron Goland)

2011-08-17 Thread Eran Hammer-Lahav
Noticed this follow-up question after I sent this: 10.6. Authorization Code Leakage: Comment on The authorization server SHOULD require the client to register their redirection URI: Why is this a should? Because comparing the redirect_uri value used between the two calls (authorization and

Re: [OAUTH-WG] Authorization Code Leakage feedback (Yaron Goland)

2011-08-17 Thread Lodderstedt, Torsten
not authorization code phishing? regards, Torsten. From: Eran Hammer-Lahav [mailto:e...@hueniverse.com] Sent: Wednesday, 17 August 2011 08:39 To: OAuth WG Subject: [OAUTH-WG] Authorization Code Leakage feedback (Yaron Goland) 10.6. Authorization Code Leakage: Comment I fancy myself as being reasonably