by daliwali 3262 days ago
>JWT might be the one case in all of practical computing where you might be better off rolling your own crypto token standard than adopting the existing standard.

This isn't the first time I heard this claim, but I've also read that vulnerabilities were related to libraries and implementations, not the standard itself. Is it true?

To me, I don't see the benefit of passing meaningful information via JWT, and it might even pose a risk.

>simple bearer tokens

I guess you mean cryptographically secure random byte strings?