Protect your reset password tokens: UK Data Protection position on referers (opens in new tab)

(iconewsblog.wordpress.com)

1 pointsfastmark10y ago1 comments

1 comments

1 comments · 1 top-level

If you wish to use Reset Password tokens, then be sure to block referers and/or not include any third party loaded assets (JavaScript, css, etc).

It's not just reset password tokens: beware any protected data, like PII (emails, etc)!

j / k navigate · click thread line to collapse