Hacker News
by e12e 3074 days ago
That's also an argument for just using Kerberos over the Internet. And I'm not sure that's a good idea.

I'm almost certain it's a bad idea if that means rolling your own Kerberos implementations in PHP, JavaScript and golang in order for your various back-ends to speak to your various front-ends.

But sure, leverage secret-key crypto and tickets in your own implementation in a way that's more secure than Kerberos.

Or, use a solution that's simple enough any weakness is fairly obvious.