Y
Hacker News
new
|
ask
|
show
|
jobs
by
johnrob
5118 days ago
I can't see any point in signing the params - an attacker only cares about the CC info, not some hash value. The only use for a secret key would be to encrypt all the params. But SSL already does that...