Security flaw in facebook Wiki Example #1906

Closed
bguest opened this issue Jun 9, 2012 · 2 comments

bguest commented Jun 9, 2012

I just want to point out that finding records via an email address and no-password for the current session seems like a huge security flaw. You are relying on Facebook or another omniauth provider to verify email addresses, and although they probably do a good job, it's out of your hands. All a user would have to do to gain access to someone else's account on your website would be to change their email address on Facebook to the desired email that they wanted access to. Much better to retrieve user accounts via their uid and provider...
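The lookup difference described in the comment above, as an added example that is not part of the original post or the wiki: a plain-Ruby in-memory store stands in for the users table, and `UserStore`, both finder names, and the auth hashes are hypothetical and constructed for illustration (only the `provider`, `uid` and `info.email` keys follow the OmniAuth auth hash layout).

```ruby
# Added example: in-memory stand-in for a users table (no Rails or Devise needed).
User = Struct.new(:id, :email, :provider, :uid)

class UserStore
  def initialize
    @users = []
  end

  def create(email:, provider:, uid:)
    user = User.new(@users.size + 1, email, provider, uid)
    @users << user
    user
  end

  # Pattern the issue flags: the provider-asserted email alone selects the account.
  def find_for_oauth_by_email(auth)
    @users.find { |u| u.email == auth.dig("info", "email") }
  end

  # Pattern the issue recommends: match on the (provider, uid) pair only.
  # Returns nil for an unknown identity so the caller runs its sign-up flow
  # instead of attaching the session to an existing account.
  def find_for_oauth_by_identity(auth)
    provider = auth["provider"].to_s
    uid = auth["uid"].to_s
    return nil if provider.empty? || uid.empty?
    @users.find { |u| u.provider == provider && u.uid == uid }
  end
end

def demo
  store = UserStore.new
  alice = store.create(email: "alice@example.com", provider: "facebook", uid: "1001")

  # Constructed callbacks: alice's own identity, and a different provider
  # account (uid 2002) whose profile reports the same email address.
  own   = { "provider" => "facebook", "uid" => "1001", "info" => { "email" => "alice@example.com" } }
  other = { "provider" => "facebook", "uid" => "2002", "info" => { "email" => "alice@example.com" } }

  {
    alice_id: alice.id,
    other_by_email: store.find_for_oauth_by_email(other)&.id,       # resolves to alice's record
    other_by_identity: store.find_for_oauth_by_identity(other)&.id, # no match
    own_by_identity: store.find_for_oauth_by_identity(own)&.id      # alice's record
  }
end

p demo if __FILE__ == $PROGRAM_NAME
```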

@josevalim
Contributor

Can you please update the wiki? The wiki is community maintained and sometimes such things pop up. Thanks a lot!


bguest commented Jun 9, 2012

I corrected it to what works for me. Maybe not perfect...

