douqian2957
douqian2957
2015-04-17 10:08

为API身份验证添加UTC时间戳是一个好主意

  • android
  • php
  • api
  • ios
  • authentication

I have seen many sites such as

Amazon : (http://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html) adding UTC timestamp("seconds since epoch") to HMAC for stopping replay attacks.

Many authentication tutorials and forums like How to securely maintain user authentication through a third party API? are also suggesting this.

I have only one concern in this, can it cause issue when mobile apps communicate with the API, I have checked it will not cause issue on Web when communicating with API's on web with PHP.

  • 点赞
  • 回答
  • 收藏
  • 复制链接分享

1条回答

为你推荐