|
|
|
|
|
|
by Getahobby
5504 days ago
|
|
|
These two arguments are separate. A malicious app that steals credentials (wait, in Gruber's world these apps are vetted, right?) is going to steal credentials whether it uses xauth or oauth. A non malicious app that uses xauth could in theory be exploited to reveal credentials whereas if it just used oauth it wouldn't be an issue of the same magnitude. It is a security win. You can argue the magnitude of the win all you want. |
|
|