On 4/29/09 12:25 PM, Brian Eaton wrote: > On Wed, Apr 29, 2009 at 5:58 AM, Dossy Shiobara<[email protected]> wrote: >> On 4/29/09 4:17 AM, Blaine Cook wrote: >>> What if, in the case of "Login with Twitter", the "identity" of the >>> user logging in is a random cookie string? >> As long as it's random every time - i.e., a nonce. > > Nit: nonce is probably not the right term here, because it means > "something that is used only once". Counters are perfectly acceptable > as nonces. In this case we need something unpredictable.
Thanks for the correction and clarification. I agree. -- Dossy Shiobara | [email protected] | http://dossy.org/ Panoptic Computer Network | http://panoptic.com/ "He realized the fastest way to change is to laugh at your own folly -- then you can let go and quickly move on." (p. 70) --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
