Technically the impact is the same, because user can do exactly the same things, but a little bit trickier.
But yeah, I can't deny that here security risk is smaller. I consider this patch as an amendment to the previous one, which fully eliminates the possibility of quota bypass.
By the way, this patch also fixes the consequences of the old famous bug with token expiration.
Technically the impact is the same, because user can do exactly the same things, but a little bit trickier.
But yeah, I can't deny that here security risk is smaller. I consider this patch as an amendment to the previous one, which fully eliminates the possibility of quota bypass.
By the way, this patch also fixes the consequences of the old famous bug with token expiration.