douqian2957
2015-04-17 10:08为API身份验证添加UTC时间戳是一个好主意
I have seen many sites such as
Amazon : (http://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html) adding UTC timestamp("seconds since epoch") to HMAC for stopping replay attacks.
Many authentication tutorials and forums like How to securely maintain user authentication through a third party API? are also suggesting this.
I have only one concern in this, can it cause issue when mobile apps communicate with the API, I have checked it will not cause issue on Web when communicating with API's on web with PHP.
- 点赞
- 回答
- 收藏
- 复制链接分享
1条回答
为你推荐
- 为API身份验证添加UTC时间戳是一个好主意
- ios
- android
- api
- php
- authentication
- 1个回答