OAuth 2.0 Security Used by Facebook, Salesforce.com Called Weak

Thursday Sep 23rd 2010 by Datamation.com Staff

An original OAuth developer says that the people behind the standard have gotten "lazy" about security.

NetworkWorld: A number of Web companies, including Facebook and Salesforce.com, rely on the OAuth 2.0 standard to authenticate users. But critics like former OAuth co-creator Eran Hammer-Lahav of Yahoo say the security measure is too easy to crack.

"The OAuth community has made a big mistake about the future direction of the protocol," wrote Hammer-Lahav. "What makes this more frustrating is that the people behind [OAuth 2.0] are some of the brightest security minds on the Web. These guys know exactly what they are doing, and it's not like they don't care. They just gave up and decided that the best they can do is maintain the status quo. They are also representing a large and powerful coalition of big companies too lazy to work a little harder."
