@homakov better than allowing same CSRF "nonce" to be used multiple times
@avlidienbrunn @antisnatchor @homakov Tokens leaking, ever, is a serious defense flaw. I don't get how per request tokens help much.
@manicode @antisnatchor @homakov (per request scenario): if token leaks *after* being used then the leaked token is useless.
@manicode @antisnatchor @homakov (per action scenario): if token leaks for "search" action, it can't be used to CSRF "transfer money" action
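
Added example, not part of the thread and not any participant's code: a sketch of the two properties discussed above, a token that is spent on first use (per request) and bound to one action (per action). The class name, session ids, action names and in-memory store are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # constructed for this example


class CsrfTokens:
    """Issues tokens bound to (session, action) that are valid for one request."""

    def __init__(self, key: bytes):
        self._key = key
        self._unused = set()  # (session_id, nonce) pairs issued but not yet spent

    def _mac(self, session_id: str, action: str, nonce: str) -> bytes:
        msg = "\x00".join((session_id, action, nonce)).encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest().encode()

    def issue(self, session_id: str, action: str) -> str:
        nonce = secrets.token_hex(16)
        self._unused.add((session_id, nonce))
        return f"{nonce}.{self._mac(session_id, action, nonce).decode()}"

    def verify(self, session_id: str, action: str, token: str) -> bool:
        nonce, _, mac = token.partition(".")
        expected = self._mac(session_id, action, nonce)
        # Per action: the MAC covers the action name, so a token minted for
        # "search" does not validate for "transfer".
        if not hmac.compare_digest(mac.encode(), expected):
            return False
        # Per request: the nonce is removed on first use, so a token that
        # leaks after being used is rejected.
        try:
            self._unused.remove((session_id, nonce))
        except KeyError:
            return False
        return True


def demo() -> dict:
    tokens = CsrfTokens(SERVER_KEY)
    used = tokens.issue("sess-1", "search")
    results = {
        "first_use": tokens.verify("sess-1", "search", used),
        "replay_after_use": tokens.verify("sess-1", "search", used),
    }
    leaked = tokens.issue("sess-1", "search")  # leaks before it is used
    results["search_token_on_transfer"] = tokens.verify("sess-1", "transfer", leaked)
    return results


if __name__ == "__main__":
    print(demo())
```

An unused token that leaks is still valid for its own action and session until it is spent, which is the case the per-request scheme does not cover.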