- changed status to resolved
SF: 10. security consideration for request_uri needed
Issue #65
resolved
section 10: Is there nothing to be said about the new indirection caused by the request_uri? I'd have thought there were some corner cases that'd warrant a mention, e.g. if some kind of deadlock or looping could happen, or if one client (in OAuth terms) could use a request_uri value as a way to attempt attacks (to be assisted by an innocent browser) against some resource owner.
Comments (1)
reporter
Fixed
#65→ <<cset d1701bc9e286>>