by hasley 7 days ago
Can't a system be DDoS'ed with wrongly signed JWTs as well?
Is signature checking (much) cheaper than finding an opaque session ID in a database?
1 comment
jongjong 7 days ago
Yes, but it only impacts your stateless app servers, which are easier to scale. Your backend services/stores are protected and not affected by the attack.
link
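An added example, not code from the thread or either poster, illustrating the point in the reply: a wrongly signed JWT is rejected on the app server with CPU work only, while every bogus opaque session ID costs one lookup in the shared store. It assumes HS256 tokens; `SessionStore`, `backend_load` and the key are hypothetical names and values constructed for this sketch.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-key"  # constructed key for this example only

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_jwt(claims, key):
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    mac = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url(mac)}"

def verify_jwt(token, key):
    """Return the claims if the HS256 signature is valid, else None. CPU only, no I/O."""
    try:
        head, body, sig = token.split(".")
        if json.loads(b64url_decode(head)).get("alg") != "HS256":
            return None  # pin the algorithm; never trust the header's choice
        mac = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(mac, b64url_decode(sig)):
            return None
        return json.loads(b64url_decode(body))
    except (ValueError, TypeError, AttributeError):
        return None  # malformed token: rejected without touching the backend

class SessionStore:
    """Hypothetical stand-in for the shared session database; counts lookups."""
    def __init__(self, sessions):
        self.sessions, self.lookups = dict(sessions), 0
    def get(self, session_id):
        self.lookups += 1
        return self.sessions.get(session_id)

def backend_load(store, n=1000):
    """Present n invalid credentials on each path; return (accepted, store lookups)."""
    token = sign_jwt({"sub": "alice"}, SECRET)
    forged = token.rsplit(".", 1)[0] + "." + b64url(b"\x00" * 32)  # wrong signature
    start = store.lookups
    jwt_ok = sum(verify_jwt(forged, SECRET) is not None for _ in range(n))
    jwt_hits = store.lookups - start
    sid_ok = sum(store.get(f"bogus-{i}") is not None for i in range(n))
    sid_hits = store.lookups - start - jwt_hits
    return {"jwt": (jwt_ok, jwt_hits), "opaque": (sid_ok, sid_hits)}
```

The counter only shows where the load lands; the HMAC checks still consume app-server CPU, which is the tier the reply describes as easier to scale.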