mcherm : javascriptwebtokens   1

JWT (JSON Web Tokens) is a Bad Standard That Everyone Should Avoid - Paragon Initiative Enterprises Blog
Points out that a client can request the "none" encryption algorithm. Wait, what? Why can the client request anything? If libraries are accepting "none" and other broken encryption schemes, then THAT is the bug.
JavascriptWebTokens  security  cryptography  standards  via:HackerNews 
march 2017 by mcherm
