Hi, I have a question about security tokens. Using the class BasicSecurityToken to generate tokens is only thought to be used for testing purposes. Digging through the Partuza code, I have seen the usage of this in Partuza too. I am wondering how a site can be vulnerable if the generated token is not secure?
My assumption: Any hacker makes a request to a container he wants to affect. For this he writes a gadget to read all the opensocial data via opensocial api calls. To get access to the gadget container he generates the same token the container site would create. So he is able to read all the opensocial data of the container. Is this right?

Thanks
Harry

