
How (not) to sign a JSON object (2019)



You can’t always know what the “right” character is out of context: is this the symbol for the unit of resistance (U+2126 OHM SIGN) or a Greek capital letter Omega (U+03A9)? Hold onto your butts, because this bug broke basically every SAML implementation under the sun in a masterful stroke. Addressed some problems noted in V2; for example: it just signs the raw body bytes and doesn’t care about parameter ordering.
