为API身份验证添加UTC时间戳是一个好主意

I have seen many sites such as

Amazon : (http://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html) adding UTC timestamp("seconds since epoch") to HMAC for stopping replay attacks.

Many authentication tutorials and forums like How to securely maintain user authentication through a third party API? are also suggesting this.

I have only one concern in this, can it cause issue when mobile apps communicate with the API, I have checked it will not cause issue on Web when communicating with API's on web with PHP.

查看全部
douqian2957
douqian2957
2015/04/17 10:08
  • android
  • php
  • api
  • ios
  • authentication
  • 点赞
  • 收藏
  • 回答
    私信
满意答案
查看全部

1个回复