Security Relevant Bug in remotestorage.js
4 views
Skip to first unread message
msgnode
Oct 28, 2013, 3:34:37 PM10/28/13
to unho...@googlegroups.com
Hey people
I found out that the Authorization Adapter sets and eventlistener to Features-Loaded holding the token, and doesn't remove it on disconnect.
Means, after clicking disconnect the tokens reapears after a few seconds and get's saved in localstorage.
Bugfix is in current master, probably take this into the new just tagged release.
And people if you have apps with users, update
(:-P>~ o_O ~{-:)
Adrian <gg...@riseup.net>
I found out that the Authorization Adapter sets and eventlistener to Features-Loaded holding the token, and doesn't remove it on disconnect.
Means, after clicking disconnect the tokens reapears after a few seconds and get's saved in localstorage.
Bugfix is in current master, probably take this into the new just tagged release.
And people if you have apps with users, update
(:-P>~ o_O ~{-:)
Adrian <gg...@riseup.net>
Reply all
Reply to author
Forward
0 new messages