http://www.kalzumeus.com/2010/09/22/security-lessons-learned-from-the-diaspora-launch/
The bottom line is currently there is nothing that you cannot do to someone’s Diaspora account, absolutely nothing.
Authentication != Authorization: The User Cannot Be Trusted