Returning an int allows for unsubscribe forgeries. Let's say my app has an ad network and a malicious ad gets onto the network; that ad could potentially brute-force unsubscribe.
A better solution would be to return an object. Even better would be for that object to have the unsubscribe call itself.
Returning an object that had the unsubscribe method on it sounds reasonable.
Of course, you could also reduce the possibility of a malicious unsubscribe
by returning a significantly large random integer. You could use web
crypto to generate the random number to take advantage of hardware
randomization.
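The difference discussed in this thread, as an added example that is not code from the issue or from the project: a minimal bus whose `subscribe` returns a sequential integer, next to one whose `subscribe` returns an object carrying its own `unsubscribe`. All function names and the `checkout` topic are hypothetical.

```javascript
// Added illustration; every name here is hypothetical, not the project's API.

// "Before": subscribe() returns a sequential integer that unsubscribe() accepts
// from any caller, so the token is guessable by any script sharing the bus.
function createIntBus() {
  const subs = new Map();
  let nextId = 0;
  return {
    subscribe(topic, fn) { subs.set(nextId, { topic, fn }); return nextId++; },
    unsubscribe(id) { return subs.delete(id); },
    publish(topic, data) { for (const s of subs.values()) if (s.topic === topic) s.fn(data); },
  };
}

// "After": subscribe() returns a frozen handle whose unsubscribe() closes over
// its own entry. The bus exposes no unsubscribe(token), so there is nothing to guess.
function createHandleBus() {
  const subs = new Set();
  return {
    subscribe(topic, fn) {
      const entry = { topic, fn };
      subs.add(entry);
      return Object.freeze({ unsubscribe: () => subs.delete(entry) });
    },
    publish(topic, data) { for (const s of subs) if (s.topic === topic) s.fn(data); },
  };
}

// Models a script that was never given a token: counts the subscriptions it
// can remove by trying integers against whatever unsubscribe the bus exposes.
function countGuessableRemovals(bus, maxGuess) {
  if (typeof bus.unsubscribe !== 'function') return 0;
  let removed = 0;
  for (let id = 0; id < maxGuess; id++) if (bus.unsubscribe(id)) removed++;
  return removed;
}

// Subscribe once, let the untrusted script guess, then publish one event.
function runCase(makeBus) {
  const bus = makeBus();
  let delivered = 0;
  const token = bus.subscribe('checkout', () => { delivered++; });
  const forged = countGuessableRemovals(bus, 1000);
  bus.publish('checkout', {});
  return { forged, delivered, token, bus };
}

console.log('int   ', runCase(createIntBus).forged, 'forged');
console.log('handle', runCase(createHandleBus).forged, 'forged');
```

The returned handle acts as a capability: only code that was handed the object can cancel that subscription.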