>or non-existent. Note that for security reasons, to inhibit brute force >attacks, endpoints MUST NOT return 404 Not Found error codes. > >From a security point of view differentiating the two is bad as it >helps an attacker find valid notes to brute force. Ideally you want an >attacker to spend time truing to break into resources that don't exist >as well as ones that do. Good point! _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
- [OAUTH-WG] I-D Action: draft-ietf-oauth-dyn-reg-06.txt internet-drafts
- Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-dyn-r... Richer, Justin P.
- Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-d... Mike Jones
- Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-d... Torsten Lodderstedt
- Re: [OAUTH-WG] I-D Action: draft-ietf-oau... Justin Richer
- Re: [OAUTH-WG] I-D Action: draft-ietf... John Bradley
- Re: [OAUTH-WG] I-D Action: draft... Torsten Lodderstedt
- Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-d... Nat Sakimura
- Re: [OAUTH-WG] I-D Action: draft-ietf-oau... Mike Jones
- Re: [OAUTH-WG] I-D Action: draft-ietf... John Bradley
- Re: [OAUTH-WG] I-D Action: draft... Tim Bray
- Re: [OAUTH-WG] I-D Action: d... Nat Sakimura
- Re: [OAUTH-WG] I-D Actio... Mike Jones
- Re: [OAUTH-WG] I-D Actio... Tim Bray
- Re: [OAUTH-WG] I-D Actio... Mike Jones
- Re: [OAUTH-WG] I-D Actio... Justin Richer
- Re: [OAUTH-WG] I-D Actio... Mike Jones
