Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Completely, for some things it’s okay to trust the JWT. Nobody is saying let people transfer money or view government secrets with only a JWT and no security in depth. However receiving and potentially sending ephemeral communications seems fine, nobody got hurt in the 30mins the stolen token was valid for!


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: