Links for 2009-05-21
- Amazon web services signature vulnerability « root labs rdist - An HMAC works by applying a cryptographic hash algorithm to the user’s data and a secret key. Another party who knows the same secret key can perform the same calculation. If the HMAC results match, the data has not been modified. The problem lies in the lack of structure Amazon applied to the data, resulting in exploitable ambiguity. You can see Colin’s advisory for more details about how this can be exploited. See also the function signParameters() in the client code, AmazonEC2Client.java, for all three versions of this function.
- Mokka mit Schlag » POST vs. PUT - A description of the difference between POST and PUT operations for a RESTful service. The most important point is this: the client uses PUT when it's in charge of deciding which URI the new resource should have. The client uses POST when the server is in charge of deciding which URI the new resource should have.
This is a collection of links I have bookmarked on del.icio.us for the date 2009-05-21.