[API] Upgrade OAuth implementation to OAuth 1.0a

[API] Upgrade OAuth implementation to OAuth 1.0a

Submitted by Zach Copley on Wed, 09/22/2010 - 15:07
Issue ID:2757
Issue Category:security
Component:api
Priority:major
Status:fixed
Assigned:zach
Version:0.9
Milestone:1.0
Keywords:oauth, security

We need to upgrade our OAuth implementation from 1.0 to 1.0a to mitigate potential session fixation attacks.

see:
http://oauth.net/advisories/2009-1/
http://oauth.net/core/1.0a/

Updates

#1

Submitted by kenvandine on Fri, 10/08/2010 - 10:52.

following this

#2

Submitted by Zach Copley on Tue, 10/12/2010 - 20:57.
Status:active» fixed

Implemented in 0.9.6

Login or Register to modify this issue, or to receive updates by email.

You can also subscribe to the RSS feed for updates to this issue.