On Tue, Mar 01, 2011 at 09:47:00PM +0100, Soren Hansen wrote:
> 2011/3/1 Eric Day <e...@oddments.org>:
> > Signature based auth such as EC2 should also always require
> > a secure channel too, but if not attacks are less severe since they
> > are limited to replay attacks only (the request and parameters are used
> > as part of the signature).
>
> Just a note: The request also includes a timestamp and an expiration
> field, so replay attacks are only possible within a certain
> (user-defined) timeframe.

Thanks, good to know. So slightly more secure when not over SSL. :)

-Eric
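
Added example, not part of the original thread and not EC2's or OpenStack's code: a simplified HMAC request-signing scheme showing why a captured request verifies again inside its expiry window, fails after it, and fails if any signed parameter (including the expiry) is changed. The canonical form, secret, action names and the optional server-side replay cache are assumptions made for illustration.

```python
import hashlib
import hmac
from urllib.parse import urlencode

SECRET = b"constructed-demo-secret"  # constructed; shared by client and server


def mac_hex(method, path, params):
    # Simplified canonical form (assumption): method, path, sorted parameters.
    query = urlencode(sorted((k, v) for k, v in params.items() if k != "Signature"))
    msg = f"{method}\n{path}\n{query}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def sign(method, path, params, now, ttl):
    # Client: Timestamp and Expires are signed along with everything else.
    signed = dict(params, Timestamp=str(now), Expires=str(now + ttl))
    signed["Signature"] = mac_hex(method, path, signed)
    return signed


def verify(method, path, params, now, seen=None):
    # Server: returns "ok" or the reason the request is rejected.
    if not hmac.compare_digest(mac_hex(method, path, params), params.get("Signature", "")):
        return "bad-signature"
    expires = params.get("Expires", "")
    if not expires.isdigit() or now > int(expires):
        return "expired"
    if seen is not None:  # optional replay cache, an addition beyond the thread
        if params["Signature"] in seen:
            return "replayed"
        seen.add(params["Signature"])
    return "ok"


def demo():
    # Constructed request; action names are illustrative only.
    req = sign("GET", "/", {"Action": "ListServers"}, now=1000, ttl=300)
    seen = set()
    return [
        verify("GET", "/", req, now=1010),                               # first use
        verify("GET", "/", req, now=1200),                               # same bytes, inside window
        verify("GET", "/", req, now=1301),                               # same bytes, past Expires
        verify("GET", "/", dict(req, Action="DeleteServer"), now=1010),  # parameter changed
        verify("GET", "/", dict(req, Expires="9999"), now=1301),         # expiry extended
        verify("GET", "/", req, now=1010, seen=seen),                    # cache: first use
        verify("GET", "/", req, now=1200, seen=seen),                    # cache: second use
    ]


if __name__ == "__main__":
    print(demo())
```

The second result is the residual exposure the thread describes: without a secure channel, the identical request is accepted again until `Expires` passes, unless the server also remembers signatures it has already seen.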