On Tue, Jul 13, 2010 at 2:05 PM, Andrew Arnott <andrewarn...@gmail.com> wrote:
> I'm not storing tokens at all. And a compromise of the database wouldn't
> expose any tokens or their hashes. I'm only storing that
> user/client/scope/issued_date tuple -- not the token itself.
And a signing key. So the question is what happens if both the signing key and the token database get compromised. Now that I think of it, you may have issues if the signing key alone is compromised. It depends how much other entropy you've added to the tokens...

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
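
An added example, not part of the original thread or any participant's code: a Python model of the scheme discussed above, assuming HMAC-SHA256 signing, a JSON token body, and a hypothetical per-grant `nonce` field as the extra entropy. `exposure` reports which compromises are enough to produce a token that verifies, with and without that nonce.

```python
import hashlib
import hmac
import json
import secrets


def sign(key: bytes, fields: dict) -> str:
    """Serialize the fields canonically and append an HMAC-SHA256 tag."""
    body = json.dumps(fields, sort_keys=True, separators=(",", ":"))
    return body + "." + hmac.new(key, body.encode(), hashlib.sha256).hexdigest()


def verify(key: bytes, grants: list, token: str) -> bool:
    """Accept only a correctly signed token whose fields equal a stored grant."""
    body, _, tag = token.rpartition(".")
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return False
    try:
        return json.loads(body) in grants
    except ValueError:
        return False


def exposure(with_nonce: bool) -> dict:
    """Report which compromises are enough to produce a token that verifies."""
    key = secrets.token_bytes(32)
    # Constructed sample grant: the user/client/scope/issued_date tuple from the thread.
    grant = {"user": "alice", "client": "app-1", "scope": "read",
             "issued_date": "2010-07-13T14:05:00Z"}
    guessable = dict(grant)  # assumption: every tuple field can be guessed or enumerated
    if with_nonce:
        # Hypothetical extra entropy: 128 random bits held only by the token and the database.
        grant["nonce"] = secrets.token_hex(16)
    grants = [grant]
    return {
        "issued_token_verifies": verify(key, grants, sign(key, grant)),
        "key_only": verify(key, grants, sign(key, guessable)),
        "key_and_database": verify(key, grants, sign(key, grants[0])),
        "database_only": verify(key, grants, sign(secrets.token_bytes(32), grants[0])),
    }


if __name__ == "__main__":
    for with_nonce in (False, True):
        print("with nonce" if with_nonce else "tuple only", exposure(with_nonce))
```

In this model the tuple-only design verifies a token built from the key and guessed fields alone, while the nonce design requires the database as well; neither survives the loss of both.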