On Tue, Dec 9, 2008 at 6:50 PM, Kevin Brown <[EMAIL PROTECTED]> wrote: >> Anybody have a real web app that relies on the integrity of content >> headers for security? > > Not that it applies to the OS use case, but wouldn't anything that relies on > cookies qualify?
Most web apps rely on the confidentiality of cookies for security, but not their integrity. Domain cookies allow one host to tamper with cookies sent to another host, so relying on cookie integrity is problematic. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
