Collaborate Disseminate
I have to secure HTTP requests`s body on application layer, so I wanted to generate signatures with hash of body and the receiver will validate it.
But I can do it in different way and apply it into existing architecture. My server already… Continue reading Applying application-level signing in HTTP
What version of TLS would be required for a router that separates client requests from a web server behind a router?
Let’s say the supported TLS client is 1.2 and so is the web server, BUT the router doesn’t support TLS 1.2, it’s only 1.0…. Continue reading Web request TLS
I use OAuth2 private_key_jwt authentication scheme to authenticate clients. Also, I need to be sure that request body isn’t modified.
I see two ways:
In token which I use to authenticate client I can add claim that contains hash of entire… Continue reading Sign vs hash HTTP body request
The API of a mobile app I was testing is sending the AWS AccessKeyId and SecretKey used for request signing from the AWS Cognito server unencrypted (apart from the regular TLS encryption). Making it possible to re-sign all requests to thei… Continue reading What is the use case of request signing in this mobile app?