Tim Starling wrote:
*.toolserver.org is most likely full of XSS vulnerabilities. It doesn't matter what sort of authentication you use, it's pointless if anyone can run arbitrary client-side scripts on it via XSS. I don't think any private data should be delivered on this domain at all. And I don't think authenticated write operations should be there either.
What does "authenticated write operations" mean in context?
MZMcBride