Hacker News
by fencepost 1239 days ago
I'm not even so much concerned with services like yours doing something malicious behind the scenes - I'm much more concerned about them being hacked/compromised in such a way that saved tokens could be used by an attacker. Maybe I'm wrong, but I suspect that there are services that get granted calendar, email, file access that could be considered much 'squishier' targets than the underlying services they connect to.

So, if you're getting the minimum viable amount of access to someone's calendar, what's the worst that could be done by an attacker with persistent access to your backend systems, and how does it vary between different services you connect to (e.g. Google, M365, Outlook.com, Zoom, etc.)? This isn't even really about your software, more about "how restricted do the underlying services allow my access to be?"