by emily37
5177 days ago
Sort of off-topic, but on the subject of using fragment identifiers to pass around secrets, Ben Adida used them to secure session cookies from eavesdroppers:

https://github.com/benadida/sessionlock

http://www2008.org/papers/pdf/p517-adida.pdf

He uses a token in the fragment identifier to authenticate every request; since the fragment identifier never gets sent to the server, a passive attacker never sees it -- it's a nice trick.
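The mechanism described in the comment above, as an added example that is not part of the original comment and not SessionLock's own code: the client reads a secret from the URL fragment and MACs each request with it, and the server verifies with its stored copy. The HMAC-SHA256 construction, the `ts`/`mac` parameter names, the message layout and the sample URL and secret are all assumptions made for illustration.

```javascript
// Added example with constructed values; not SessionLock's own code.
const crypto = require('node:crypto');

// What a browser puts on the wire for a URL: the fragment is dropped.
function wireRequestTarget(pageUrl) {
  const u = new URL(pageUrl);
  return u.pathname + u.search;            // u.hash is never transmitted
}

// Client side: the session secret lives only in the fragment.
function secretFromFragment(pageUrl) {
  return new URL(pageUrl).hash.slice(1);   // strip the leading '#'
}

// Hypothetical message layout: method, request target, timestamp.
function mac(secret, method, target, ts) {
  return crypto.createHmac('sha256', secret)
    .update(`${method}\n${target}\n${ts}`)
    .digest('hex');
}

// Client side: append a timestamp, then a MAC over method + target + timestamp.
function signRequest(pageUrl, method, target, nowSec) {
  const secret = secretFromFragment(pageUrl);
  const sep = target.includes('?') ? '&' : '?';
  const withTs = `${target}${sep}ts=${nowSec}`;
  return `${withTs}&mac=${mac(secret, method, withTs, nowSec)}`;
}

// Server side: recompute the MAC from the stored secret and enforce freshness.
function verifyRequest(secret, method, signedTarget, nowSec, maxSkewSec = 60) {
  const m = /^(.*[?&]ts=(\d+))&mac=([0-9a-f]{64})$/.exec(signedTarget);
  if (!m) return false;                    // missing or malformed ts/mac
  const [, withTs, ts, got] = m;
  if (Math.abs(nowSec - Number(ts)) > maxSkewSec) return false; // stale request
  const want = mac(secret, method, withTs, Number(ts));
  return crypto.timingSafeEqual(Buffer.from(got, 'hex'), Buffer.from(want, 'hex'));
}
```

An eavesdropper who captures the cookie and a signed request still lacks the fragment secret, so any request they modify or replay outside the freshness window fails verification.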