-lucent.com
To: oauth@ietf.orgmailto:oauth@ietf.org
Sent: Monday, February 20, 2012 9:37 AM
Subject: Re: [OAUTH-WG] Quick question about error response for
response_type=unknown
Could there be a potential security hole in providing an error response? (Not
that I see it, but many problems in the past
, 2012 9:37 AM
Subject: Re: [OAUTH-WG] Quick question about error response for
response_type=unknown
Could there be a potential security hole in providing an error response?
(Not that I see it, but many problems in the past had been caused by helpful
responese.)
Igor
On 2/20/2012 11
is usually echoing back the user data, or
allowing user enumeration for example. Care is required, but you don't have
a ton of options here.
From: Igor Faynberg igor.faynb...@alcatel-lucent.com
To: oauth@ietf.org
Sent: Monday, February 20, 2012 9:37 AM
Subject: Re: [OAUTH-WG] Quick question
enumeration for example. Care is required, but you don't have
a ton of options here.
From: Igor Faynberg igor.faynb...@alcatel-lucent.com
To: oauth@ietf.org
Sent: Monday, February 20, 2012 9:37 AM
Subject: Re: [OAUTH-WG] Quick question about error response for
response_type=unknown
, or
allowing user enumeration for example. Care is required, but you don't
have a ton of options here.
From: Igor Faynberg igor.faynb...@alcatel-lucent.com
To: oauth@ietf.org
Sent: Monday, February 20, 2012 9:37 AM
Subject: Re: [OAUTH-WG] Quick question about error response
enumeration for example. Care is required, but you don't
have a ton of options here.
--
*From:* Igor Faynberg igor.faynb...@alcatel-lucent.com
*To:* oauth@ietf.org
*Sent:* Monday, February 20, 2012 9:37 AM
*Subject:* Re: [OAUTH-WG] Quick question about error
of options here.
--
*From:* Igor Faynberg igor.faynb...@alcatel-lucent.com
*To:* oauth@ietf.org
*Sent:* Monday, February 20, 2012 9:37 AM
*Subject:* Re: [OAUTH-WG] Quick question about error response for
response_type=unknown
Could there be a potential
here.
From: Igor Faynberg igor.faynb...@alcatel-lucent.com
To: oauth@ietf.org
Sent: Monday, February 20, 2012 9:37 AM
Subject: Re: [OAUTH-WG] Quick question about error response for
response_type=unknown
Could there be a potential security hole in providing an error response
Respond with an error in protocol. Thta won't include a redirect, and the
client has to know what to do.
From: nov matake n...@matake.jp
To: oauth WG oauth@ietf.org
Sent: Monday, February 20, 2012 6:11 AM
Subject: [OAUTH-WG] Quick question about error
Could there be a potential security hole in providing an error
response? (Not that I see it, but many problems in the past had been
caused by helpful responese.)
Igor
On 2/20/2012 11:57 AM, William Mills wrote:
Respond with an error in protocol. Thta won't include a redirect, and
the
Faynberg igor.faynb...@alcatel-lucent.com
To: oauth@ietf.org
Sent: Monday, February 20, 2012 9:37 AM
Subject: Re: [OAUTH-WG] Quick question about error response for
response_type=unknown
Could there be a potential security hole in providing an error response? (Not
that I see it, but many
11 matches
Mail list logo
