|
|
|
|
|
|
by jerf
1769 days ago
|
|
|
If you use HTTPS, they're pretty much as secure as HTTPS itself is. Anything that would let you obtain or modify the token at that point would be a break of HTTPS. (Unless you're using some weird system where the secret is in the domain name, in which case it can be a bit more complicated, but who does that?) If you use HTTP they're not secure at all. |
|
|