R
Railwayβ€’5w ago
Juice

SSL pinning

Hi, is there any way to make SSL pinning working on Railway? I need my custom or a static SSL certificate that does not change a fingerprint
Solution:
if users can spoof auth so easily, you have far bigger issues imo
Jump to solution
13 Replies
Percy
Percyβ€’5w ago
Project ID: N/A
Juice
JuiceOPβ€’5w ago
N/A
Brody
Brodyβ€’5w ago
i wanna take a guess, some esp project?
Juice
JuiceOPβ€’5w ago
nah, a desktop app and want to make our Auth API more secure, because rn some ppl are spoofing the auth request and basically bypassing a license verification
Brody
Brodyβ€’5w ago
oh interesting, but this wouldnt be possible, i also don't see how a pinned ssl cert helps here?
Juice
JuiceOPβ€’5w ago
yh i figured out a couple mins ago :/ it would be just another layer of security, we would be sure that the response is original from our auth api and not spoofed via proxy like Fiddler or so
Solution
Brody
Brodyβ€’5w ago
if users can spoof auth so easily, you have far bigger issues imo
Juice
JuiceOPβ€’5w ago
well they were up until now, its just one guy now (like 3 in the past year totally) but still, we dont like anyone using our app for free
Brody
Brodyβ€’5w ago
I think you should rethink your auth then, i don't think it's an efficient use of time to go off and worry about ssl
Juice
JuiceOPβ€’5w ago
auth wasn't made by me πŸ˜„ it was secure enough up until now, it was actually made by an ex-google engineer lol but time to rewrite
Brody
Brodyβ€’5w ago
does that explain the ex part?
Juice
JuiceOPβ€’5w ago
nah more like budget limited πŸ˜„
Brody
Brodyβ€’5w ago
well no time for an auth re-write like the present
Want results from more Discord servers?
Add your server