Tim Starling wrote:
*.toolserver.org is most likely full of XSS
vulnerabilities. It doesn't
matter what sort of authentication you use, it's pointless if anyone can
run arbitrary client-side scripts on it via XSS. I don't think any
private data should be delivered on this domain at all. And I don't
think authenticated write operations should be there either.
What does "authenticated write operations" mean in context?
MZMcBride