Fork me on GitHub
#web-security2020-08-08
>
drewverlee18:08:27

Your treating the uuid like a password. So the same principles apply. E.g is it a get request? Are query params encoded so middle men can't get them? @lgessler

drewverlee18:08:37

Di your users understand they can't give out the uuid? Imo it's a coupling that buys you little and costs you much.