There are ways, with downsides, to mitigate the risk of logging requests.
HMAC with a time component will render the data useless before long. Essentially OTP. Downside: client time needs to be accurate.
Negotiate a shared key à la NTLM. Downside: more round trips; essentially establishing encrypted transport inside encrypted transport (HTTPS).
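The HMAC-with-time-component approach as an added example, not part of the original comment: the client sends a tag bound to the current time step and the request instead of a long-lived secret, so a tag captured in a request log stops verifying once the window passes. The 30-second step, the one-step drift window, the function names, the key and the path are all assumptions made for illustration.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds per time step (assumed value)
WINDOW = 1   # time steps of clock drift tolerated on either side (assumed value)


def _message(counter: int, method: str, path: str) -> bytes:
    # Newline separators keep the method/path boundary unambiguous.
    return struct.pack(">Q", counter) + b"\n" + method.encode() + b"\n" + path.encode()


def make_tag(key: bytes, method: str, path: str, now: float) -> str:
    """Client side: bind the tag to the current time step and the request."""
    counter = int(now // STEP)
    return hmac.new(key, _message(counter, method, path), hashlib.sha256).hexdigest()


def verify_tag(key: bytes, method: str, path: str, tag: str, now: float) -> bool:
    """Server side: accept only tags whose time step lies inside the window."""
    counter = int(now // STEP)
    ok = False
    for drift in range(-WINDOW, WINDOW + 1):
        expected = hmac.new(
            key, _message(counter + drift, method, path), hashlib.sha256
        ).hexdigest()
        # Constant-time comparison; check every step so timing does not leak drift.
        ok |= hmac.compare_digest(expected, tag)
    return ok


def demo() -> dict:
    key = b"constructed-demo-key"   # constructed sample value
    t0 = 1_700_000_000              # constructed sample timestamp
    tag = make_tag(key, "GET", "/api/report", t0)
    return {
        "fresh": verify_tag(key, "GET", "/api/report", tag, t0),
        "replayed_from_log_5min_later": verify_tag(key, "GET", "/api/report", tag, t0 + 300),
        "reused_on_other_path": verify_tag(key, "GET", "/api/admin", tag, t0),
        # The downside from the comment: a client clock 5 minutes slow is rejected.
        "client_clock_5min_slow": verify_tag(
            key, "GET", "/api/report", make_tag(key, "GET", "/api/report", t0 - 300), t0
        ),
    }


if __name__ == "__main__":
    print(demo())
```

Within the acceptance window the tag can still be replayed; the scheme bounds how long logged data stays useful, it does not make it single-use.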