Monthly Archives: March 2015

I’m currently designing a user-authentication OAuth2 based service. I’m trying very hard never ever to reveal anything about users or passwords. Credential-lookup by userid is always done twice. If the user is not found a known dummy-user is looked up … Continue reading →