Hacker News
by pi18n 4795 days ago
I think asymmetric keys have the advantage that you could sign some token that includes the website name, so a phishing or XSS attack would work against one website at a time. In fact, if the token was something authenticated by the server's certificate and included the destination IP, the true website might be able to reject false signed tokens that weren't done via MITM.
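The first idea in the comment above (a signed token that includes the website name), sketched as an added example that is not part of the original comment. The origins, the function names and the challenge/response layout are assumptions made for illustration, and Ed25519 is used only because Node ships it.

```javascript
// Added example; origins and names are constructed for illustration.
const nodeCrypto = require("node:crypto");

// Client key pair; the site stores only the public key at registration.
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("ed25519");

// Signed bytes cover both fields; a JSON array keeps the boundary unambiguous.
const encode = (origin, challenge) => Buffer.from(JSON.stringify([origin, challenge]));

// Client: the browser, not page script, supplies the origin it is connected to.
function clientSign(origin, challenge) {
  const sig = nodeCrypto.sign(null, encode(origin, challenge), privateKey);
  return { origin, challenge, sig };
}

// Server: accept only a challenge it issued, once, signed for its own origin.
function makeServer(ownOrigin, registeredKey) {
  const pending = new Set();
  return {
    issueChallenge() {
      const c = nodeCrypto.randomBytes(16).toString("hex");
      pending.add(c);
      return c;
    },
    verify({ origin, challenge, sig }) {
      if (!pending.delete(challenge)) return "unknown-or-replayed-challenge";
      if (origin !== ownOrigin) return "wrong-origin";
      const ok = nodeCrypto.verify(null, encode(origin, challenge), registeredKey, sig);
      return ok ? "accepted" : "bad-signature";
    },
  };
}

function demo() {
  const site = makeServer("https://bank.example", publicKey);
  const good = clientSign("https://bank.example", site.issueChallenge());
  // Look-alike site relays a real challenge; the browser signs the look-alike origin.
  const relayed = clientSign("https://bank-login.example", site.issueChallenge());
  // Same relay, but the origin field is rewritten after signing.
  const rewritten = { ...clientSign("https://bank-login.example", site.issueChallenge()),
                      origin: "https://bank.example" };
  return {
    direct: site.verify(good),      // signed for this site, fresh challenge
    replayed: site.verify(good),    // same token presented a second time
    phished: site.verify(relayed),  // valid signature, but for another origin
    forged: site.verify(rewritten), // origin edited, signature no longer matches
  };
}
console.log(demo());
```

The rejection depends on the origin being filled in by the browser or authenticator rather than by script running in the page.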