There's a lot to wrap your head around with the security advisory and the OAuth protocol in general. It's easy to go down rabbit-trails that aren't part of the vulnerability in discussion. Eran has a great post that covers the issues in detail. It's recommended reading for everyone who wants to chip in their 2 cents.
http://www.hueniverse.com/hueniverse/2009/04/explaining-the-oauth-session-fixation-attack.html --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
