
A lot of text for your argument, which is "x isn't secure". Not very compelling.

Signed REST requests ensure that auth tokens cannot be leaked, as each request is individually signed by a private key.

Your extreme example btw is hyperbolic. Providing signing sample code to clients is pretty typical.




I'm explaining where I'm coming from as a courtesy. I am also comfortable with the number and kind of HN readers who would simply take my argument as-stated without justification: "don't do signed URLs if you can get away with bearer tokens".



