Hacker News
pluma on Feb 20, 2017 | on: Show HN: A microservice that makes adding authenti...
Maybe I'm missing something but isn't every single "social login" effectively using OAuth for auth?
homakov on Feb 20, 2017
Yes. Some apps without sensitive info can do it, but that's it.
pluma on Feb 20, 2017
So in other words StackOverflow etc (i.e. all non-trivial apps that support third-party login via OAuth) are all broken from a security POV?
homakov on Feb 20, 2017
In one way or another. Most are vulnerable to bugs in the standard (see sakurity.com/oauth), but every single one depends on a central authority, which is just stupid for auth.