/rhinautheros

OAuth as a replacement for cookie authentication in web apps
  1. JavaScript 100.0%
Switch branches/tags
Nothing to show
Find file
Clone or download

Clone with HTTPS

Use Git or checkout with SVN using the web URL.

Download ZIP

Launching GitHub Desktop...

If nothing happens, download GitHub Desktop and try again.

Launching GitHub Desktop...

If nothing happens, download GitHub Desktop and try again.

Launching Xcode...

If nothing happens, download Xcode and try again.

Launching Visual Studio...

If nothing happens, download the GitHub extension for Visual Studio and try again.

Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
lib
src
test
.gitignore
.gitmodules
LICENSE
README.markdown

README.markdown

rhinautheros

Most web applications use cookies to authenticate the browser session after the user has logged in. Cookies suffer from security problems

Rhinautheros aims to implement 2-legged OAuth for authenticating XHR requests, thus closing the CSRF hole.

This project is a work in progress. It is not in a working state yet.

See the talk description, Cookies are bad for you and slides, presented at Open Source Bridge 2011.