...@yahoo.com
mailto:wmills_92...@yahoo.com
*Sent:* Monday, February 25, 2013 2:28 PM
*Subject:* Re: [OAUTH-WG] OAuth2 attack surface
Whats the link?
Phil
Sent from my phone.
On 2013-02-25, at 14:22, William Mills wmills_92...@yahoo.com
mailto:wmills_92...@yahoo.com wrote:
I think
...@oracle.com
To: William Mills wmills_92...@yahoo.commailto:wmills_92...@yahoo.com
Sent: Monday, February 25, 2013 2:28 PM
Subject: Re: [OAUTH-WG] OAuth2 attack surface
Whats the link?
Phil
Sent from my phone.
On 2013-02-25, at 14:22, William Mills
wmills_92...@yahoo.commailto:wmills_92...@yahoo.com
On Mar 1, 2013, at 4:00 PM, prateek mishra wrote:
Yup, use of confidential clients and full checking of redirect URIs
would mitigate these attacks.
I think there is an issue of providing guidance to
developers/deployers, about making secure choices, that needs to be
addressed someplace.
-and-chrome.html
*From:* Phil Hunt phil.h...@oracle.com mailto:phil.h...@oracle.com
*To:* William Mills wmills_92...@yahoo.com
mailto:wmills_92...@yahoo.com
*Sent:* Monday, February 25, 2013 2:28 PM
*Subject:* Re: [OAUTH-WG] OAuth2
mishra prateek.mis...@oracle.com
Subject: Re: [OAUTH-WG] OAuth2 attack surface
To: oauth@ietf.org oauth@ietf.org
Date: Thursday, February 28, 2013, 5:56 PM
Characteristics of both these attacks -
1) Use of implicit flow (access token passed on the URL)
2
/hacking-facebook-with-oauth2-and-chrome.html
From: Phil Hunt phil.h...@oracle.com
To: William Mills wmills_92...@yahoo.com
Sent: Monday, February 25, 2013 2:28 PM
Subject: Re: [OAUTH-WG] OAuth2 attack surface
Whats the link?
Phil
Sent from my phone.
On 2013-02-25, at 14:22
I think this is worth a read, I don't have time to dive into this :(___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
DOH!!!
http://homakov.blogspot.co.uk/2013/02/hacking-facebook-with-oauth2-and-chrome.html
From: Phil Hunt phil.h...@oracle.com
To: William Mills wmills_92...@yahoo.com
Sent: Monday, February 25, 2013 2:28 PM
Subject: Re: [OAUTH-WG] OAuth2 attack surface
...@yahoo.commailto:wmills_92...@yahoo.com
Sent: Monday, February 25, 2013 2:28 PM
Subject: Re: [OAUTH-WG] OAuth2 attack surface
Whats the link?
Phil
Sent from my phone.
On 2013-02-25, at 14:22, William Mills
wmills_92...@yahoo.commailto:wmills_92...@yahoo.com wrote:
I think this is worth a read, I
/02/hacking-facebook-with-oauth2-and-chrome.html
From: Phil Hunt phil.h...@oracle.com
To: William Mills wmills_92...@yahoo.com
Sent: Monday, February 25, 2013 2:28 PM
Subject: Re: [OAUTH-WG] OAuth2 attack surface
Whats the link?
Phil
Sent from my phone.
On 2013-02-25, at 14:22
-with-oauth2-and-chrome.html
From: Phil Hunt phil.h...@oracle.com
To: William Mills wmills_92...@yahoo.com
Sent: Monday, February 25, 2013 2:28 PM
Subject: Re: [OAUTH-WG] OAuth2 attack surface
Whats the link?
Phil
Sent from my phone.
On 2013-02-25, at 14:22, William Mills wmills_92
-facebook-with-oauth2-and-chrome.html
From: Phil Hunt phil.h...@oracle.commailto:phil.h...@oracle.com
To: William Mills wmills_92...@yahoo.commailto:wmills_92...@yahoo.com
Sent: Monday, February 25, 2013 2:28 PM
Subject: Re: [OAUTH-WG] OAuth2 attack surface
Whats
12 matches
Mail list logo
