1 hour ago · 7 min read1452 words · Tech · hide · 0 comments

A presigned URL is a replay attack you did on purpose. Replayable auth tokens are the textbook way to create vulnerable systems, but Tigris ships them as a first-class feature with presigned URLs and so does every other object storage system on the planet. However this isn't an oversight because presigned URLs turn a weakness into a feature. Replay attacks are a real problem and the classic fix is miserable When you authenticate a request with Amazon's SigV4 protocol for Tigris, your client boils down the request to a canonical form: a SHA256 hash of the request's method, path, query parameters, signed headers and a SHA256 hash of the payload. It runs the result of that through HMAC with a signing key derived from your secret access key. Nothing secret ever crosses the wire. The server derives the same key as the client, does the same canonical form transformation, and compares the result. Being able to make a valid signature proves that the request came from someone holding the…

No comments yet. Log in to reply on the Fediverse. Comments will appear here.