by ByteJockey
2016 days ago
But the problem here isn't the encryption. Well, for all I know, the encryption could be completely broken, I'm not a crypto expert. But the problem described in the post wasn't the encryption. It was the logic. Specifically the order that things are done in. Parsing something before verifying it can be dangerous.
Does SAML have enough salvageable parts to try fixing that, instead of going with something completely different? SAML is so pervasive that migrating off it can't be cheap or easy.
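The ordering point the comment makes, as an added illustration that is not the commenter's code and not a SAML implementation: a detached HMAC-SHA256 tag is checked over the exact raw bytes before any parser touches them, beside the unsafe ordering that parses first and verifies afterwards. The key, the tiny `<Assertion>` document and the `parser_calls` counter are constructed for the demo; real SAML carries an XML-DSig signature inside the document it signs, which is exactly what tempts implementations into parsing before verifying.

```python
import hmac
import hashlib
import xml.etree.ElementTree as ET

# Constructed demo key (not a real credential) and a detached-tag scheme
# chosen only to make the ordering visible; SAML itself uses XML-DSig.
DEMO_KEY = b"demo-shared-secret"

# Counts parser invocations so the demo can show which ordering lets
# unverified, attacker-controlled bytes reach the parser at all.
parser_calls = {"count": 0}


def sign(raw: bytes, key: bytes = DEMO_KEY) -> str:
    """Detached HMAC-SHA256 tag over the exact bytes that will be parsed."""
    return hmac.new(key, raw, hashlib.sha256).hexdigest()


def parse_assertion(raw: bytes) -> dict:
    """Parser for the constructed assertion: returns its child elements."""
    parser_calls["count"] += 1
    root = ET.fromstring(raw)
    return {child.tag: child.text for child in root}


def verify_then_parse(raw: bytes, tag: str, key: bytes = DEMO_KEY):
    """Safe ordering: the parser only ever sees bytes whose tag checked out."""
    if not hmac.compare_digest(sign(raw, key), tag):
        return None  # rejected before any parsing happens
    return parse_assertion(raw)


def parse_then_verify(raw: bytes, tag: str, key: bytes = DEMO_KEY):
    """Unsafe ordering: unverified bytes are parsed first, checked later."""
    parsed = parse_assertion(raw)  # parser already ran on untrusted input
    if not hmac.compare_digest(sign(raw, key), tag):
        return None
    return parsed


# Constructed sample: a legitimately tagged assertion and a tampered copy
# that keeps the original tag (so it must fail verification either way).
GOOD = b"<Assertion><Subject>alice</Subject><Role>user</Role></Assertion>"
GOOD_TAG = sign(GOOD)
TAMPERED = GOOD.replace(b"user", b"admin")


def demo():
    """Run both orderings on the tampered input.

    Returns (safe_result, unsafe_result, parser_calls_after_safe,
    parser_calls_after_unsafe). Both results are None because the tag
    fails, but only the unsafe ordering has already exposed the parser.
    """
    parser_calls["count"] = 0
    safe = verify_then_parse(TAMPERED, GOOD_TAG)
    after_safe = parser_calls["count"]
    unsafe = parse_then_verify(TAMPERED, GOOD_TAG)
    after_unsafe = parser_calls["count"]
    return safe, unsafe, after_safe, after_unsafe


if __name__ == "__main__":
    print(verify_then_parse(GOOD, GOOD_TAG))
    print(demo())
```

Both orderings reject the tampered assertion in the end; the difference is that in the unsafe one the parser (with whatever bugs it has) has already processed bytes nobody vouched for, which is the risk the comment is pointing at.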