diff options
Diffstat (limited to 'docs/oauth1/security.rst')
| -rw-r--r-- | docs/oauth1/security.rst | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/docs/oauth1/security.rst b/docs/oauth1/security.rst index 0fd5c4c..d8b7d6b 100644 --- a/docs/oauth1/security.rst +++ b/docs/oauth1/security.rst @@ -5,7 +5,7 @@ A few important facts regarding OAuth security SSL for all interactions both with your API as well as for setting up tokens. An example of when it's especially bad is when sending POST requests with form data, this data is not accounted for in the OAuth - signature and a successfull man-in-the-middle attacker could swap your + signature and a successful man-in-the-middle attacker could swap your form data (or files) to whatever he pleases without invalidating the signature. This is an even bigger issue if you fail to check nonce/timestamp pairs for each request, allowing an attacker who |