Is using a developer key to protect a REST API good practice?

I’d like to implement a RESTful API service over HTTP that developers can call from their server-side environments.
I intend to use a cryptographically secure pseudo-random number generator (CSPRNG) to generate keys and then convert the bi…

Should I be concerned about timing attacks on HTTP service for passwordless signin?

I have a service that accepts an HTTP POST request from the end-user’s browser. The user passes only their email. I intend the server to generate a token and store this in a database, and email them the HMAC’d token as a means of implemen…