public marks

PUBLIC MARKS with tags jwt & security

08 May 2017 10:45

Things to Use Instead of JWT | Kevin Burke

by Spone
You might have heard that you shouldn't be using JWT. That advice is correct - you really shouldn't use it. In general, specifications that allow the attacker to choose the algorithm for negotiation have more problems than ones that don't (see TLS). N libraries need to implement M different encryption and decryption algorithms, and an attacker only needs to find a vulnerability in one of them, or a vulnerability in their combination. JWT has seen both of these errors; unlike TLS, it hasn't already been deployed onto billions of devices around the world.

PUBLIC TAGS related to tag jwt

javascript +  

Active users

Spone
last mark : 08/05/2017 10:50