by kam
2432 days ago
Also the example PHP code doesn't validate the age of the passed timestamp, so you could just replay a "signature" indefinitely... Given that, you might as well just use an unchanging token or Basic Auth. Assuming https, that wouldn't be terrible for this kind of use case. But put it in an Authorization header, not in a query parameter, so it doesn't end up in logs.
Sounds like a cool little thing, but wouldn't mind a standard to use on non-mobile platforms.
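The freshness check kam says the PHP example is missing, shown as an added Python illustration (this is not code from the page or from the original project). The shared secret, the fields covered by the HMAC, the 5-minute acceptance window and the optional replay cache are all assumptions made for the demo:

```python
import hashlib
import hmac
import time

# Constructed demo secret; in a real deployment this comes from a secret store.
SECRET = b"demo-shared-secret"
MAX_AGE_SECONDS = 300   # assumed acceptance window: signatures older than 5 min are rejected
CLOCK_SKEW_SECONDS = 60  # assumed tolerance for client clocks running slightly ahead


def sign(method, path, timestamp, secret=SECRET):
    """Client side: HMAC-SHA256 over the request method, path and Unix timestamp."""
    msg = f"{method}\n{path}\n{int(timestamp)}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def verify(method, path, timestamp, signature, now=None,
           secret=SECRET, max_age=MAX_AGE_SECONDS, seen=None):
    """Server side. Returns (accepted, reason).

    The age check runs before the signature check: a correctly signed request
    that is simply old is exactly the replay the comment describes, and it
    must be rejected regardless of whether the HMAC is valid.
    `seen` is an optional set of (timestamp, signature) pairs that closes the
    remaining window in which an intercepted request could be replayed.
    """
    now = int(time.time()) if now is None else int(now)
    timestamp = int(timestamp)
    if timestamp > now + CLOCK_SKEW_SECONDS:
        return False, "timestamp in the future"
    if now - timestamp > max_age:
        return False, "timestamp too old"
    expected = sign(method, path, timestamp, secret)
    # Constant-time comparison so the check does not leak the expected digest.
    if not hmac.compare_digest(expected, signature):
        return False, "bad signature"
    if seen is not None:
        key = (timestamp, signature)
        if key in seen:
            return False, "replayed signature"
        seen.add(key)
    return True, "ok"
```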