Make `backend` API resilient against replay attacks
njlie opened this issue · comments
Nathan Lie commented
See #2709 (comment)
In #2632 API signature validation was added to the `backend` service. This same approach was used for the `auth` service in #2709, but it was mentioned in the linked comment that it was vulnerable to replay attacks. That was addressed in the PR for the `auth` service but it needs to also be patched in the `backend` service as well.