• #dev 2022-11-27
  • Prev
    Next
  • #indieweb
  • #dev
  • #wordpress
  • #meta
  • #stream
  • #microformats
  • #known
  • #events
#dev ≡
  • ←
  • →
2022-11-27 UTC
# 21:06
[jamietanna] Jacky imo signatures (at least based on cavage-10, the last iteration I read, and very out of date now) don't save you from someone stealing / having credentials, it just saves replay of a given request. If someone's got your token they could re-generate the signatures. Or actually are you thinking that each Micropub client would have a signing key, maybe per-identity, that they'd need to use to sign requests?