[Standards] Proposed XMPP Extension: HTTP File Upload
sam at samwhited.com
Mon Jul 27 16:34:09 UTC 2015
On Mon, Jul 27, 2015 at 11:28 AM, Matthew Wild <mwild1 at gmail.com> wrote:
> I'll just quickly note that I don't see any security advantage to a
> token in a header (if we're always over HTTPS, which I assume we are
> if we care about this). The attacker guessing an unpredictable URL is
> no different to an attacker guessing an unpredictable auth token.
In my case this would be about delegating to external services that
require auth; if it's a local file upload service which we control,
then yes, a random URL is enough.
More information about the Standards