But with the OAuth model, you would have to put the entire application in a secure enclave, from the storage right on down to the part where the HTTPS packet gets encoded, which seems terrible for performance.
Replying to @cmuratori
It's basically impossible to secure any of this, because at some point, you are sending a 'bearer token' that will be taken at face value. It can be intercepted and reused freely. OAuth2 is not secure from my POV.
Replying to @peterixxx @cmuratori
A more sensible approach would be to set up a key pair between the service and the client, where the client generates it and securely stores the private key. The service stores the public key along with your account.
Replying to @peterixxx @cmuratori
You start a session by the service challenging the client with a nonce, which is signed by the client and used only for that session. Effectively, you gain a way to revoke access immediately instead of blindly trusting bearer tokens until the expiration timestamp.
Replying to @peterixxx @cmuratori
AND the session tokens can be extremely short lived... which would make abusing them much harder if intercepted/leaked.
Replying to @peterixxx @cmuratori
Why I would want the server to give you a nonce is resilience against replay attacks. You don't want to be able to just resend a request someone else made before and get the answer out of it.
Replying to @peterixxx @cmuratori
What I think happened with OAuth2 is that people sacrificed security for scalability. If you have one 'server private key' and sign the tokens with that, you can verify that in completely disconnected systems. In the process, you threw away the capability to revoke access.
Replying to @peterixxx @cmuratori
And made it so that the tokens, when leaked, can let anyone impersonate the client.
Replying to @peterixxx @cmuratori
This is actually terrible if you are in an environment that breaks https (MITM proxy pretending to be all domains) and does not give you any other options. It's very much susceptible to abuse.
Replying to @peterixxx @cmuratori
In other words, if you are looking at this from a green field perspective and security in mind, avoid OAuth2 completely.
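An added worked example, not code from anyone in the thread, of the scheme @peterixxx sketches above: a public key registered per account, a fresh nonce challenge that the client signs, a short-lived session token issued only after the signature verifies, and server-side revocation that takes effect immediately. It uses Go's standard-library Ed25519; the in-memory maps, account names and TTL are assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"time"
)

// Server keeps registered public keys, outstanding challenges and live sessions in memory.
type Server struct {
	pubKeys  map[string]ed25519.PublicKey // account -> key registered at signup
	pending  map[string][]byte            // account -> nonce not yet consumed
	sessions map[string]time.Time         // session token -> expiry
	ttl      time.Duration                // session lifetime, kept short
}

func NewServer(ttl time.Duration) *Server {
	return &Server{map[string]ed25519.PublicKey{}, map[string][]byte{}, map[string]time.Time{}, ttl}
}

func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil { panic(err) } // a failing system RNG is fatal
	return b
}

// Register stores the client-generated public key; the private key never leaves the client.
func (s *Server) Register(account string, pk ed25519.PublicKey) { s.pubKeys[account] = pk }

// Challenge hands the client a fresh nonce; only a signature over this exact value is accepted.
func (s *Server) Challenge(account string) []byte {
	s.pending[account] = randBytes(32)
	return s.pending[account]
}

// Login consumes the outstanding nonce (single use, so a captured signature cannot be replayed),
// verifies the client's signature against the registered key and issues a short-lived token.
func (s *Server) Login(account string, sig []byte) (string, bool) {
	nonce, ok := s.pending[account]
	delete(s.pending, account) // burn the nonce even on a failed attempt
	pk, registered := s.pubKeys[account]
	if !ok || !registered || !ed25519.Verify(pk, nonce, sig) {
		return "", false
	}
	tok := hex.EncodeToString(randBytes(16))
	s.sessions[tok] = time.Now().Add(s.ttl)
	return tok, true
}

// Revoke ends a session at once; Authorize gates every request on a live, unexpired token.
func (s *Server) Revoke(tok string) { delete(s.sessions, tok) }
func (s *Server) Authorize(tok string) bool {
	exp, ok := s.sessions[tok]
	return ok && time.Now().Before(exp)
}
```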
I agree with this. Unfortunately, it seems that most payment providers do not :(