-
@mrdavidlaing @ryanholder
have come up with an interesting conundrum. Grabbing the acces token with some custom services will require a username/password to be sent, thus after a user clicks 'login …
-
> Store a 'last changed' data against each individual activity record [E]
last_changed = last_updated_datetime || last_modified of parent file (to be discussed further)
-
A phishing attack is possible where a fake browserID dialogue is launched.
To allow the user to distinguish between a real browserID auth dialogue and a phishing dialogue do what many banks and sites…