Theres a way to send authorization header signed with hmac?

maclofin5 months ago

Hi, I want to resend events in traccar to a worker that will make some modifications/actions over the devices but I don't want that if someone have the authorization header could send to my worker data and make the worker make the unauthorized actions. For that reason I want to sign every event with hmac with a secret key and I'll do that the worker verify the signed message. It is possible? Maybe a script or option? alternatives? or its required to modify source code?

Anton Tananaev5 months ago

Is this about a question about Traccar? In your worker you can do anything you want.

maclofin5 months ago

Yes, about event forwarder, Traccar have an option that let you set the headers, I want to know if I can set a dynamic string depends of message body or timestamp.

I already have whitelist IP (thats the strong security option that I have).

Anton Tananaev5 months ago

If you want to do it inside Traccar, you would have to change the code.