Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Prefer x-hub-signature-256 header with sha256 for improved security #6

Open
ishmam-mahmud opened this issue Sep 23, 2022 · 1 comment
Open

Prefer x-hub-signature-256 header with sha256 for improved security #6

ishmam-mahmud opened this issue Sep 23, 2022 · 1 comment

Comments

@ishmam-mahmud
Copy link

The securing webhooks documentation notes that the SHA1 header is still there only for backwards compatibility purposes, while recommending the SHA256 header for improved security.

I suggest this package move to SHA256 and only use the SHA1 header as a secondary resort instead.
@mwhitworth mwhitworth mentioned this issue Mar 9, 2024
Closed
@mwhitworth
Copy link

mwhitworth commented Mar 10, 2024
edited

My fork github_webhook has migrated to using X-Hub-Signature-256 for validation, without the fallback to SHA1.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mwhitworth @ishmam-mahmud