zlacker

[parent] [thread] 4 comments
1. webstr+(OP)[view] [source] 2023-07-26 19:16:39
This proposal does not affect bots producing web content, only (potentially) bots browsing web content.
replies(1): >>pptr+t5
2. pptr+t5[view] [source] 2023-07-26 19:40:24
>>webstr+(OP)
It does affect bots creating social media content.
replies(1): >>helloj+sw
◧◩
3. helloj+sw[view] [source] [discussion] 2023-07-26 21:31:32
>>pptr+t5
Not necessarily. Even with WEI, spammers could farm legit tokens and then set up their own api that hands one out to their bot when one is necessary.
replies(1): >>pptr+m41
◧◩◪
4. pptr+m41[view] [source] [discussion] 2023-07-27 01:02:37
>>helloj+sw
My understanding is that you can't reuse tokens, because the system uses challenge response.
replies(1): >>helloj+Nj1
◧◩◪◨
5. helloj+Nj1[view] [source] [discussion] 2023-07-27 03:07:25
>>pptr+m41
But can you get a token and then not send it and save it for later? That's more what I was thinking. Not replay attacks but gathering a bunch of tokens thst are valid but never submitted to the origin, and then provide them via api requests to those that need one to use unauthorized devices with that origin.
[go to top]