I would like to direct the reader's attention to the following page:
http://en.wikipedia.org/wiki/Color_of_the_bikeshed

Personally, I don't think a callback nonce is going to do much at all
to stop people from carrying out this attack. I've already said this
twice in this thread, and I'll say it again:

    If a malicious user can convince you to authorize an application,
then (he/she/it) can almost certainly get you to put in a callback
nonce as well. Submitting a form is still submitting a form, whatever
extra bits one sticks on top of the process.

It interferes with the user experience, and it's a lot more trouble
for very little potential benefit.

Now, on the other hand, there are some changes which have been
suggested which will make a significant difference. One is placing
restrictions on specification of the callback (whether by signing or
specifying it when asking for the request token). Another is the
once-only rule for exchanging request tokens for access tokens. These
are real solutions which will plug up this security hole as much as
possible. Can someone please cut the Gordian knot and make a decision?

Regards,
Zack
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"OAuth" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [email protected]
For more options, visit this group at http://groups.google.com/group/oauth?hl=en
-~----------~----~----~----~------~----~------~--~---
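The two mitigations Zack endorses above (bind the callback when the request token is issued, and let a request token be exchanged only once) can be shown working together in a small model of the provider side of the flow. The following Python is an added example, not code from the post, from the OAuth group, or from any OAuth library. It goes slightly beyond the post in one respect: it also delivers a per-authorization verifier to the bound callback, which is how the OAuth 1.0a revision closed the same hole. Everything in it is simplified and assumed: consumer keys and secrets, URLs and token values are constructed; the consumer's signature is an HMAC-SHA1 over the callback alone rather than a full OAuth signature base string; and the stores are in-memory dictionaries.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlencode

# Constructed consumer registry (hypothetical consumer key and secret).
CONSUMERS = {"photo-printer": b"consumer-secret-k1"}


def sign_callback(consumer_key, callback):
    """Consumer side: commit to the callback when asking for a request token.
    Simplification: HMAC over the callback only, not a full OAuth base string."""
    return hmac.new(CONSUMERS[consumer_key], callback.encode(), hashlib.sha1).hexdigest()


class Provider:
    """Toy service provider that binds the callback at request-token time,
    hands a verifier only to that callback, and exchanges each request token once."""

    def __init__(self):
        self.request_tokens = {}   # request token -> record
        self.access_tokens = {}    # access token -> authorizing user

    def issue_request_token(self, consumer_key, callback, signature):
        expected = sign_callback(consumer_key, callback)
        if not hmac.compare_digest(expected, signature):
            raise PermissionError("callback not signed by consumer")
        token = secrets.token_hex(8)
        self.request_tokens[token] = {"consumer": consumer_key, "callback": callback,
                                      "verifier": None, "user": None, "used": False}
        return token

    def authorize(self, token, user, callback=None):
        """User approves the token. A callback supplied now must match the bound one;
        the redirect (with the verifier) goes only to the bound callback."""
        rec = self.request_tokens[token]
        if callback is not None and callback != rec["callback"]:
            raise PermissionError("callback cannot be changed at authorization time")
        rec["verifier"] = secrets.token_hex(8)
        rec["user"] = user
        return rec["callback"] + "?" + urlencode({"oauth_token": token,
                                                  "oauth_verifier": rec["verifier"]})

    def exchange(self, consumer_key, token, verifier):
        """Swap an authorized request token for an access token, exactly once."""
        rec = self.request_tokens.get(token)
        if rec is None or rec["consumer"] != consumer_key or rec["user"] is None:
            raise PermissionError("unknown or unauthorized request token")
        if rec["used"]:
            raise PermissionError("request token already exchanged")
        if not hmac.compare_digest(rec["verifier"], verifier):
            raise PermissionError("bad verifier")
        rec["used"] = True                      # once-only rule
        access = secrets.token_hex(8)
        self.access_tokens[access] = rec["user"]
        return access


def run_fixation_scenario():
    """Attacker starts a flow at a legitimate consumer, gets the victim to authorize
    the token, and then tries to finish the flow. Returns what each step yielded."""
    prov = Provider()
    consumer, callback = "photo-printer", "https://printer.example/cb"
    token = prov.issue_request_token(consumer, callback, sign_callback(consumer, callback))
    out = {}
    # 1. Attacker tries to steer the approval redirect to a server he controls.
    try:
        prov.authorize(token, "victim", callback="https://evil.example/cb")
        out["callback_swap_blocked"] = False
    except PermissionError:
        out["callback_swap_blocked"] = True
    # 2. Victim authorizes; the verifier goes only to the consumer's bound callback.
    redirect = prov.authorize(token, "victim")
    out["redirect_to_bound_callback"] = redirect.startswith(callback + "?")
    verifier = dict(p.split("=") for p in redirect.split("?", 1)[1].split("&"))["oauth_verifier"]
    # 3. Attacker knows the token but not the verifier and cannot finish the exchange.
    try:
        prov.exchange(consumer, token, "0" * 16)
        out["attacker_exchange_blocked"] = False
    except PermissionError:
        out["attacker_exchange_blocked"] = True
    # 4. Consumer, reached through the victim's browser, completes the exchange once.
    access = prov.exchange(consumer, token, verifier)
    out["access_token_user"] = prov.access_tokens[access]
    # 5. Any replay of the same request token is refused.
    try:
        prov.exchange(consumer, token, verifier)
        out["replay_blocked"] = False
    except PermissionError:
        out["replay_blocked"] = True
    return out
```

Running `run_fixation_scenario()` walks the attack path from the thread: the callback cannot be swapped after the request token is issued, the attacker holds the token but not the verifier, and a second exchange of the same request token fails. A callback nonce adds nothing to any of these checks, which is the point the post makes.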