by mcherm
3659 days ago
Not particularly. There are other layers of security here - the sessions expire (so there's a limited window to exploit each one), the sessions are always transmitted via SSL (so you pretty much have to have an exploit on the customer's system to get one), and the sessions are restricted to one customer (so you only have an attack against the customer whose system you have an exploit on). If we used a different approach, then the same error (losing the data that's being synched) would result in losing all of the customer sessions.