Confirmed users
169
edits
Security/Reviews/F1 (round 2): Difference between revisions
Security/Reviews/F1 (round 2) (view source)
Revision as of 18:11, 26 September 2011
, 26 September 2011→Threat Brainstorming (30-40 minutes)
Mixedpuppy (talk | contribs) |
Mixedpuppy (talk | contribs) |
||
| Line 49: | Line 49: | ||
** Shane says probably it will just be pulled out. | ** Shane says probably it will just be pulled out. | ||
* Can arbitrary content invoke the OAuth flow/dialog ? | * Can arbitrary content invoke the OAuth flow/dialog ? | ||
** | ** the login flow/dialog is a part of the flow of the mediator now and cannot be initiated from content | ||
** IF content has oauth tokens for the service/user, they can initiate oauth API calls, this will be changed soon | |||
** <strike>as of right now yes, this is a property of the injector that needs to be fixed</strike> | ** <strike>as of right now yes, this is a property of the injector that needs to be fixed</strike> | ||
** by design no, this is due to reuse of injector code | ** by design no, this is due to reuse of injector code | ||