Friday, April 22, 2022

Code & Coffee 4/8/2022

  • Meetings!
    • Why so many
    • Looking for 
    • Example
      • Meeting about a service
      • Dev team was attempting to create an unauthenticated service with no SSL
      • Meeting was to discuss that
      • How did that come to be?
  • Meetings turned into Authentication and security
    • Why is it acceptable to create an unauthenticated, insecure service?
    • Is there training needed?
      • OAuth and JWT?
    • JWT / "jot": what are you talking about?
      • RFC 7519 suggests pronouncing JWT as "jot"

Is it safe to store JWT in memory?
To reiterate, whatever you do, don't store a JWT in local storage (or session storage). If any of the third-party scripts you include in your page is compromised, it can access all your users' tokens. To keep them secure, you should always store JWTs inside an httpOnly cookie.
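
The httpOnly cookie advice above, as an added example (not code from the original post): `buildSessionCookie` emits a `Set-Cookie` value carrying a JWT with `HttpOnly`, `Secure` and `SameSite`, and `auditSetCookie` reports which of those attributes a given header lacks. The function names, the cookie name `session` and the sample token are assumptions constructed for illustration.

```javascript
// Added example; function names, cookie name and sample token are illustrative.

// Build a Set-Cookie value that keeps a JWT out of reach of page scripts.
function buildSessionCookie(jwt, maxAgeSeconds = 900) {
  return [
    `session=${encodeURIComponent(jwt)}`,
    'Path=/',
    `Max-Age=${maxAgeSeconds}`,
    'HttpOnly', // not exposed to document.cookie, so page scripts cannot read it
    'Secure', // only sent over HTTPS
    'SameSite=Strict', // not attached to cross-site requests
  ].join('; ');
}

// Parse one Set-Cookie value and list the protective attributes it lacks.
function auditSetCookie(header) {
  const [pair = '', ...attrs] = header.split(';').map((s) => s.trim()).filter(Boolean);
  const eqPos = pair.indexOf('=');
  const name = eqPos === -1 ? pair : pair.slice(0, eqPos);
  const seen = new Map();
  for (const attr of attrs) {
    const eq = attr.indexOf('=');
    const key = (eq === -1 ? attr : attr.slice(0, eq)).trim().toLowerCase();
    seen.set(key, eq === -1 ? '' : attr.slice(eq + 1).trim().toLowerCase());
  }
  const missing = [];
  if (!seen.has('httponly')) missing.push('HttpOnly');
  if (!seen.has('secure')) missing.push('Secure');
  // SameSite=None explicitly allows cross-site sends, so treat it as absent.
  if (!seen.has('samesite') || seen.get('samesite') === 'none') missing.push('SameSite');
  return { name, missing };
}

// Constructed sample data: a dummy token and two headers to compare.
const SAMPLE_JWT = 'eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJkZW1vIn0.c2lnbmF0dXJl';
const weakHeader = `session=${SAMPLE_JWT}; Path=/`;
const hardenedHeader = buildSessionCookie(SAMPLE_JWT);

for (const header of [weakHeader, hardenedHeader]) {
  const { name, missing } = auditSetCookie(header);
  console.log(name, missing.length ? `missing: ${missing.join(', ')}` : 'ok');
}
```

Because the browser attaches cookies to requests automatically, `SameSite` is included here to limit cross-site sends, and `Secure` only helps if the service is actually served over HTTPS.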
