[Standards] Proposed XMPP Extension: HTTP File Upload

Sam Whited sam at samwhited.com
Mon Jul 27 16:34:09 UTC 2015


On Mon, Jul 27, 2015 at 11:28 AM, Matthew Wild <mwild1 at gmail.com> wrote:
> I'll just quickly note that I don't see any security advantage to a
> token in a header (if we're always over HTTPS, which I assume we are
> if we care about this). The attacker guessing an unpredictable URL is
> no different to an attacker guessing an unpredictable auth token.

In my case this would be about delegating to external services that
require auth; if it's a local file upload service which we control,
then yes, a random URL is enough.

—Sam



-- 
Sam Whited
pub 4096R/54083AE104EA7AD3
https://blog.samwhited.com


