Hacker News
by moduspwnens14 3075 days ago
AWS has their own v4 signature method that I always thought was neat.

Key benefits:

* Secret not included in request

* Verifies integrity of the message (since its contents are signed)

* Protection against replay attacks

It's probably overkill in a lot of situations, but I've always liked how even if TLS were compromised, all the attacker would gain is the ability to see the requests--not modify them or forge new ones.

I haven't used JWT before, but reading one of the links below, it looks like it covers a lot of the same stuff (although you'd have to implement your own replay protection if you want that).
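The three properties listed in the comment above, shown as an added example that is not part of the original comment and is not AWS's code: a narrowed SigV4-style signer (only `host` and `x-amz-date` signed, empty query string) with a hypothetical server-side `verify`. The secret, region, service, host, request path and 5-minute freshness window are all constructed assumptions.

```python
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

SECRET = "constructed-secret-not-a-real-key"  # constructed; never put on the wire
REGION, SERVICE, HOST = "us-east-1", "execute-api", "api.example.com"  # constructed
MAX_SKEW = timedelta(minutes=5)  # assumed freshness window for the verifier

def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def signing_key(secret: str, date: str) -> bytes:
    """SigV4 key derivation: date -> region -> service -> 'aws4_request'."""
    key = _hmac(("AWS4" + secret).encode(), date)
    for part in (REGION, SERVICE, "aws4_request"):
        key = _hmac(key, part)
    return key

def sign(secret: str, method: str, path: str, body: bytes, amz_date: str) -> str:
    """Hex signature over method, path, host, timestamp and body hash."""
    canonical = "\n".join([
        method, path, "",  # empty canonical query string
        f"host:{HOST}\nx-amz-date:{amz_date}\n", "host;x-amz-date",
        hashlib.sha256(body).hexdigest()])
    scope = f"{amz_date[:8]}/{REGION}/{SERVICE}/aws4_request"
    to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                         hashlib.sha256(canonical.encode()).hexdigest()])
    return hmac.new(signing_key(secret, amz_date[:8]), to_sign.encode(),
                    hashlib.sha256).hexdigest()

def verify(method, path, body, amz_date, signature, now) -> str:
    """Hypothetical server check: timestamp freshness, then recomputed signature."""
    sent = datetime.strptime(amz_date, "%Y%m%dT%H%M%SZ").replace(tzinfo=timezone.utc)
    if abs(now - sent) > MAX_SKEW:
        return "stale"  # a captured request resent later is refused
    expected = sign(SECRET, method, path, body, amz_date)
    return "ok" if hmac.compare_digest(expected, signature) else "bad-signature"

def demo() -> dict:
    now = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)  # constructed clock
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    body = b'{"amount": 10}'
    sig = sign(SECRET, "POST", "/transfer", body, amz_date)  # only sig is sent
    later = now + timedelta(hours=1)
    return {
        "valid": verify("POST", "/transfer", body, amz_date, sig, now),
        "tampered": verify("POST", "/transfer", b'{"amount": 9999}', amz_date, sig, now),
        "replayed": verify("POST", "/transfer", body, amz_date, sig, later),
    }
```

Calling `demo()` returns `ok` for the original request, `bad-signature` for the modified body and `stale` for the late resend. A timestamp window alone still admits a replay inside the window.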