
Ah ok.

Aren't both of these equivalent though?

(I would think the point may be that a compromised email doesn't provide access later. Both these scenarios are equally vulnerable then?)



It would also be to make sure an attacker can't just iterate through or guess at the emailed URLs and get valid, logged-in sessions without needing to properly authenticate.
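
Added example, not part of the thread or any commenter's code: a minimal sketch of emailed login tokens that cannot be guessed or iterated and that stop working after first use or expiry. The function names, the in-memory store and the 15-minute lifetime are assumptions made for illustration.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60  # assumed lifetime; not a value from the thread

# token hash -> (email, expires_at). Hypothetical stand-in for a database table.
# Only the hash is stored, so a leaked table does not yield usable login URLs.
_pending = {}


def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()


def issue_login_token(email, now=None):
    """Create the secret that goes into the emailed URL."""
    now = time.time() if now is None else now
    # 32 bytes from the OS CSPRNG: no counter or timestamp to iterate over.
    token = secrets.token_urlsafe(32)
    _pending[_digest(token)] = (email, now + TOKEN_TTL_SECONDS)
    return token


def redeem_login_token(token, now=None):
    """Return the email for a valid token, or None. A token works once."""
    now = time.time() if now is None else now
    # pop() consumes the entry, so a later read of the mailbox cannot replay it.
    entry = _pending.pop(_digest(token), None)
    if entry is None:
        return None
    email, expires_at = entry
    if now > expires_at:
        return None
    return email
```
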



