Timeline for Security of REST authentication schemes
Current License: CC BY-SA 2.5
25 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Aug 9, 2018 at 8:44 | history | protected | cassiomolin | ||
| May 30, 2018 at 12:47 | comment | added | shuttle87 | @Plato I'd recommend LetsEncrypt these days for free SSL certs | |
| Aug 2, 2017 at 23:14 | comment | added | Plato | thanks @Voicu i was pretty shocked to see Google's announcement that startcom falsified certs last year | |
| Aug 2, 2017 at 23:04 | comment | added | Voicu | @Plato: Startcom certs are not trusted by Chrome starting with version 57, unless your site is in Alexa Top 1M (or Chrome v58 with Alexa Top 500K). | |
| May 23, 2017 at 11:47 | history | edited | URL Rewriter Bot | replaced http://stackoverflow.com/ with https://stackoverflow.com/ | |
| Jul 14, 2014 at 22:19 | history | edited | Jakub Kubrynski | edited tags | |
| Mar 28, 2014 at 10:40 | comment | added | Henrik | @SeanKAnderson (rant: I find it absurd how people talk about 99.99999%s when the internet is under siege by spy agencies which have automated A LOT of attacks already at 2008 -- it's such a strange way to deal with a real issue -- "Naaah, won't be a problem; for my grandma to wouldn't be able to hack it" | |
| Mar 28, 2014 at 10:38 | comment | added | Henrik | @SeanKAnderson Not necessarily, the tunnelling attack might be possible to use eprint.iacr.org/2006/105.pdf -- since the requests are "computer made" they might be possible to profile and create automated exploits for. | |
| Mar 23, 2014 at 23:52 | comment | added | Sean Anderson | @Henrik MD5 is weak but the content hash will be worthless in a few minutes...far quicker than anyone (well 99.99999% of people) can make any practical use of it. | |
| Aug 21, 2013 at 19:09 | vote | accept | dF. | ||
| Aug 8, 2013 at 12:47 | comment | added | Plato | Startcom provides free SSL certificates that don't throw certificate warnings in major browsers | |
| Mar 10, 2013 at 6:52 | answer | added | djsadinoff | timeline score: 3 | |
| Aug 30, 2012 at 18:33 | comment | added | Henrik | MD5 is a very weak hash function and it's usage has been discouraged for many years now: en.wikipedia.org/wiki/MD5. Use SHA2 nowadays. MD5 is lipstick on a pig with an identity crisis. | |
| May 11, 2012 at 19:47 | answer | added | Les Hazlewood | timeline score: 173 | |
| Oct 13, 2009 at 14:39 | vote | accept | dF. | ||
| Aug 21, 2013 at 19:09 | |||||
| S Oct 7, 2009 at 19:19 | vote | accept | dF. | ||
| Oct 7, 2009 at 19:19 | |||||
| S Oct 7, 2009 at 19:19 | vote | accept | dF. | ||
| S Oct 7, 2009 at 19:19 | |||||
| Oct 7, 2009 at 19:18 | vote | accept | dF. | ||
| S Oct 7, 2009 at 19:19 | |||||
| Jan 28, 2009 at 20:57 | answer | added | mahemoff | timeline score: 60 | |
| Jan 28, 2009 at 13:52 | answer | added | wowest | timeline score: 8 | |
| Jan 28, 2009 at 6:37 | answer | added | ZaDDaZ | timeline score: 5 | |
| Jan 21, 2009 at 21:03 | comment | added | laz | Amazon S3 can include a Content-MD5 as part of the header string to prevent the MITM attack you describe. | |
| Jan 18, 2009 at 21:36 | answer | added | LiorH | timeline score: 1 | |
| Jan 18, 2009 at 14:23 | history | edited | Hank Gay | CC BY-SA 2.5 | fixed typo |
| Jan 18, 2009 at 0:12 | history | asked | dF. | CC BY-SA 2.5 |