I just noticed it and was wondering if anyone else had. Twitter has their "authenticity_token" as a 'hidden' input on forms...including password changes, resets, etc. Anyone tried hijacking a Twitter login to verify this is bad form (no pun intended)? Don't want to re-invent the wheel if someone already did it.
If someone has tried it successfully, has it been brought up to the Twitter folks as a push for full SSL sessions? (yeah, I know SSL is also having issues at the moment, but still...)
--sr6
_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
