by
4death4
747 days ago
Even if they copy the header, they can only perform a replay attack, which is an improvement over leaking an API key. Also, you could include a timestamp in the signature to limit the amount of time it could be replayed.
dcow
747 days ago
Sign a nonce.