|
|
|
|
|
|
by osrec
2242 days ago
|
|
|
Yeah, I imagine this is okay for testing, since UUIDs are fairly impossible to guess, however, you probably want a slightly more elaborate "authenticated session" based structure to ensure someone malicious who has obtained the UUID does not have an unlimited time window to exploit it. |
|
|