Questions tagged [request-signing]

The API of a mobile app I was testing is sending the AWS AccessKeyId and SecretKey used for request signing from the AWS Cognito server unencrypted (apart from the regular TLS encryption). Making it possible to re-sign all requests to their AWS…

Signing HTTP requests is all the rage nowadays. The benefits of doing so when communicating over an insecure channel are clear. With signatures you can bring message integrity and authentication to such an environment. But I'm struggling what…