
This has nothing to do with CSRF, btw. And this is not a flaw of FB - this is a core flaw of OAuth2. Lots of them though:

http://homakov.blogspot.com/2012/07/saferweb-most-common-oau...

http://homakov.blogspot.com/2012/08/oauth2-one-accesstoken-t...



