Taggart :donor: on Nostr: nprofile1q…t8sec If a server is not validating the contents of these parameters, it ...
nprofile1qy2hwumn8ghj7un9d3shjtnddaehgu3wwp6kyqpq0fguxqw02pwg54k29mpl82pawey806uyc85z93kntnh2hevg4utqdt8sec (nprofile…8sec)
If a server is not validating the contents of these parameters, it may be possible for an attacker to generate self-signed tokens that would be accepted by the server
So the trick is that the server has to not be verifying the signature with its own private key, which would still be a secret under normal circumstances.
If a server is not validating the contents of these parameters, it may be possible for an attacker to generate self-signed tokens that would be accepted by the server
So the trick is that the server has to not be verifying the signature with its own private key, which would still be a secret under normal circumstances.