Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

+1 on this. With asymmetric signing, you don't have to spread a secret far and wide. You could go a step farther with client certs, but still would need a more heavy management interface and a CA setup against your applications which means quite a bit more complexity.


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: