On 4/30/09 7:34 AM, Blaine Cook wrote: > A question for the security folks here: > > Is there a way to programmatically test for the relatedness of the > token and secret? Could we perform automated security audits of OAuth > libraries, looking for (anti-)patterns of implementation?
It would take more engineering effort to try and create a sufficiently clever static code analysis tool to do this than it would for a proficient security auditor to review the code by hand. -- Dossy Shiobara | [email protected] | http://dossy.org/ Panoptic Computer Network | http://panoptic.com/ "He realized the fastest way to change is to laugh at your own folly -- then you can let go and quickly move on." (p. 70) --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
