a year ago
Hi, is there any way to make SSL pinning working on Railway? I need my custom or a static SSL certificate that does not change a fingerprint
14 Replies
a year ago
i wanna take a guess, some esp project?
nah, a desktop app and want to make our Auth API more secure, because rn some ppl are spoofing the auth request and basically bypassing a license verification
a year ago
oh interesting, but this wouldnt be possible, i also don't see how a pinned ssl cert helps here?
yh i figured out a couple mins ago :/ it would be just another layer of security, we would be sure that the response is original from our auth api and not spoofed via proxy like Fiddler or so
a year ago
if users can spoof auth so easily, you have far bigger issues imo
well they were up until now, its just one guy now (like 3 in the past year totally) but still, we dont like anyone using our app for free
a year ago
I think you should rethink your auth then, i don't think it's an efficient use of time to go off and worry about ssl
auth wasn't made by me 😄 it was secure enough up until now, it was actually made by an ex-google engineer lol
a year ago
does that explain the ex part?
a year ago
well no time for an auth re-write like the present