[Users] Migrating account authentication from basic POP to OAuth2
Paul
paul at claws-mail.org
Thu Dec 22 12:33:24 UTC 2022
On Thu, 22 Dec 2022 07:19:41 -0500
Jeffrey Walton <noloader at gmail.com> wrote:
> If the oauth token gets compromised, then the attacker has a small
> window of opportunity. At the next execution of the protocol the token
> will change. And the attacker cannot use the token at other sites.
This has strayed way off-topic, now; too far.
Yes, in that particular scenario you are right. But when someone's system
becomes compromised, that won't help you.
Anyway, I still feel my point was worth making, and I've never had the
problem that oauth2 seeks to fix.
with regards
Paul
More information about the Users
mailing list