by perlgeek
198 days ago
Another aspect to consider: when you reduce the amount of permission anything has (like here the returned token), you risk breaking something. In a complex system it can be very hard to understand what will break, if anything. In a less complex system, it can still be hard to understand if the person who knows the security model very well isn't available.