(www.ducktyped.org)

354 points egonschiele | 1 comments | 25 Aug 25 12:29 UTC | HN request time: 0s | source

Show context

fcpguru ◴[25 Aug 25 13:20 UTC] No.45013560[source]▶

where is the "session fixation" / token hijacking attack graphic? The history of 1.0 and the rush to put out OAuth 1.0a I will always remember. The year was 2008 and us yammer engineers implemented this new best practice auth system. It went live. And then suddenly a few days later someone in the office proved how the hijack was possible.

replies(1): >>45014867 #

7bit ◴[25 Aug 25 15:23 UTC] No.45014867[source]▶

>>45013560 #

Why is that relevant. We are at OAuth 2.0. who cares about what's been 17 years ago?

replies(2): >>45015389 #>>45021888 #

1. fcpguru ◴[26 Aug 25 03:14 UTC] No.45021888[source]▶

>>45014867 #

i guess it's not. just past trama. I had to talked about it. Better now.

↑

An illustrated guide to OAuth