client id is a weak point over http .. oauth perhaps could be further constrained by imposing a http header say like x-forwarded-for .. but that can be spoofed .. so it ends up being forever non-deterministic .. otherwise we'd have already locked it down .. but alas
![โรงเรียนห้ามรัก โดนจับได้ตาย...!! [เอิร์นไดเม่]](http://i.ytimg.com/vi/4u02Sbr556Q/mqdefault.jpg)
Yall, I got a new camera and didn't realize it was zoomed into my face so much, until after the fact. Enjoy the close up.
no problem fam
as a fellow IT dude realizing how underesprented i am in the field, I came here for this
Awesome stuff boss! Waiting for part III. 💯
great content
🔥
🎉
sir are you offering any reverse eng bootcamp by any chance? i'm willing to enroll and pay for it!
Provide link to part 1 in description please
Done!
client id is a weak point over http .. oauth perhaps could be further constrained by imposing a http header say like x-forwarded-for .. but that can be spoofed .. so it ends up being forever non-deterministic .. otherwise we'd have already locked it down .. but alas
Yep! Client-ID In cleartext is very bad and x-forwarded-for can also lead to SSRF. Love the input here!
🎉🎉🎉