|
|
|
|
|
|
by arnarbi
337 days ago
|
|
|
Services can certainly make this safer by providing means to get more restricted credentials, so that users can deputize semi-trusted delegates, such as agents vulnerable to injection. The important point being made in this discussion is that this is already a common thing with OAuth, but mostly unheard of with web sessions and cookies. |
|
|