http://arstechnica.com/security/2016/07/new-attack-that-cripples-https-crypto-works-on-macs-windows-and-linux/

Access tokens included as a URL query parameter when accessing a resource are susceptible to this attack. Authorization codes are also visible. From what I know, we have not depended on the confidentiality of the authorization code.

What are the best current practices that we can point people towards to ensure they are not susceptible to this attack?

-- Dick

Subscribe to the HARDTWARE <http://hardtware.com/> mail list to learn about projects I am working on!
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth