The second recommendation from the final security audit:
As we note in Section 2.6, poll endpoint URLs
are not required to be secret, i.e., SETs could be requested by any party. For use cases requiring
confidentiality of SETs, we recommend mandating authorization at the poll endpoint.
The second recommendation from the final security audit:
As we note in Section 2.6, poll endpoint URLs are not required to be secret, i.e., SETs could be requested by any party. For use cases requiring confidentiality of SETs, we recommend mandating authorization at the poll endpoint.