Is the HTTP request made in section 6.3.2 of 1.0a suseptible to a man- in-the-middle attack if not made thru HTTPS? If so, what security measures are in place to prevent some other entity from sniffing The 'token' and 'secret' and using it? Thank you.
--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
