Closed peterdeme closed 6 years ago
bcuff
commented
6 years ago Are you saying that you want to avoid computing the signature for each request by reusing past signatures for other requests? That would only work for requests that were exactly the same.
peterdeme
commented
6 years ago Exactly the same? I might miss something but isn't only Uri and HttpMethod getting encrypted in SignV4Util class?
bcuff
commented
6 years ago The URL, http method, body, and any HTTP headers that may be parameters to the request are involved in the signature.
peterdeme
commented
6 years ago Yeah, I missed the body. Thanks.
Hi Brandon!
That's a great library. I have one question. Here, it looks like a signature is valid for 15 minutes:
"The signed portions (using AWS Signatures) of requests are valid within 15 minutes of the timestamp in the request."
Do you think it would be a good idea to re-use signature for at least ~10 minutes? Or at least make it an option? I believe the overhead would be much more smaller than the current solution.
You can have a signature pool where the key is the http method and the request uri, and the value is the computed signature.
Thanks