sintaxi / dbox

NodeJS SDK for Dropbox API (THIS LIBRARY IS OBSOLETE!!)

Oauth secret passed via query parameters? #74

Closed plediii closed 10 years ago

plediii commented 10 years ago

Is there a reason the oauth access token is passed via query parameters for get requests? I'm concerned because this seems like a potential security risk with eavesdropping. It looks like the tokens should instead be passed in the HTTP headers.

jstroem commented 10 years ago

As I see it, either you can see the whole HTTP request, including the headers and the URL, or otherwise you can't see anything (with HTTPS).

plediii commented 10 years ago

Ah, my misunderstanding. It seems the URL with query parameters would only be stored in plain text on the Dropbox server logs.
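The header placement raised in this thread, as an added example that is not dbox code or part of any comment above: it moves OAuth credentials out of the URL, where access logs record them, and into an `Authorization` header. It assumes OAuth 1.0-style `oauth_*` query parameters; `moveOAuthToHeader`, `pctEncode` and the sample URL are hypothetical names and constructed data.

```javascript
// Added example, not dbox code. Assumes OAuth 1.0-style `oauth_*`
// query parameters; the URL below is constructed sample data.

// Percent-encode per RFC 5849 section 3.6 (stricter than encodeURIComponent).
function pctEncode(value) {
  return encodeURIComponent(value).replace(/[!'()*]/g,
    (c) => '%' + c.charCodeAt(0).toString(16).toUpperCase());
}

// Move every oauth_* query parameter into an Authorization header
// (RFC 5849 section 3.5.1). The OAuth 1.0 signature base string covers
// these parameters wherever they are sent, so an existing signature
// stays valid after the move.
function moveOAuthToHeader(rawUrl) {
  const url = new URL(rawUrl);
  const pairs = [];
  const names = new Set();
  for (const [name, value] of url.searchParams) {
    if (name.startsWith('oauth_')) {
      pairs.push(`${pctEncode(name)}="${pctEncode(value)}"`);
      names.add(name);
    }
  }
  // Delete after iterating so the parameter list is not mutated mid-loop.
  for (const name of names) url.searchParams.delete(name);
  const headers = pairs.length
    ? { Authorization: 'OAuth ' + pairs.join(', ') }
    : {};
  return { url: url.toString(), headers };
}

// Constructed request URL carrying credentials in the query string.
const SAMPLE_URL = 'https://api.example.com/files?list=true' +
  '&oauth_consumer_key=ck123&oauth_token=tok456' +
  '&oauth_signature_method=HMAC-SHA1&oauth_signature=abc%2Fdef%3D';

const moved = moveOAuthToHeader(SAMPLE_URL);
console.log(moved.url);                   // URL as a server log would record it
console.log(moved.headers.Authorization); // credentials now travel in the header
```
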