I think this is an interesting security consideration but I would prefer implicit identity for the following reasons:
If the API is meant to be consumed by machines then it's unlikely that CSRF would be a threat.
CSRF controls are more likely to be provided out of the box by a framework. Authorization controls are often tightly coupled to the business domain and are less likely to be usable out of the box.
If you need to support a scenario where administrators perform tasks on behalf of other users, then I would suggest evaluating whether a sudo-like mechanism could be a viable solution.
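
The two ideas in the answer above, sketched as an added example that is not part of the original answer: the handler takes the user from the authenticated principal instead of a path parameter, and a sudo-like override is honored only for administrators and written to an audit log. `Principal`, `act_as`, `list_my_orders`, the `/me/orders` route and the sample data are hypothetical names constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample data: orders keyed by owning user.
ORDERS = {"alice": ["order-1", "order-2"], "bob": ["order-3"]}

# Each entry: (authenticated actor, effective user, action).
AUDIT_LOG = []


@dataclass(frozen=True)
class Principal:
    """Identity established by authentication (session or token),
    never by a client-supplied user id in the URL or body."""
    user: str
    is_admin: bool = False


class Forbidden(Exception):
    """Raised when the caller may not act for the requested user."""


def effective_user(principal, act_as=None):
    """Resolve whose data the request operates on.

    Default is the authenticated caller (implicit identity).
    act_as is a hypothetical sudo-like parameter; only admins may set it
    to someone else, so ordinary callers have no user id to tamper with.
    """
    if act_as is None or act_as == principal.user:
        return principal.user
    if not principal.is_admin:
        raise Forbidden(f"{principal.user} may not act as {act_as}")
    if act_as not in ORDERS:
        raise Forbidden(f"unknown user {act_as}")
    return act_as


def list_my_orders(principal, act_as=None):
    """Handler for a hypothetical GET /me/orders (no user id in the path)."""
    subject = effective_user(principal, act_as)
    # Record both the real actor and the user acted for, so admin
    # impersonation stays attributable.
    AUDIT_LOG.append((principal.user, subject, "list_orders"))
    return list(ORDERS.get(subject, []))
```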