They are only valid for 15 minutes and then they are never going to work again. They don't matter. I suppose if you had enough of them you could brute-force out what the secret key was, but that's a nation-state level of effort. Are your users (or their haters) in that league?
Walter
> On Mar 16, 2019, at 2:19 AM, 0x01 <mansur.mustafayev@gmail.com> wrote:
>
> If these logs get compromised, can these tokens be used again (i.e. are these tokens reusable?)
>
--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscribe@googlegroups.com.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/1CCD8127-E212-40C5-A2E2-840E659B745B%40wdstudio.com.
For more options, visit https://groups.google.com/d/optout.
No comments:
Post a Comment