Commit 5751ba5

author
Riotaro OKADA
authored
Payload to Header
#127
1 parent 0c76eeb commit 5751ba5

1 file changed

Lines changed: 1 addition & 1 deletion

README.md

@@ -14,7 +14,7 @@ Checklist of the most important security countermeasures when designing, testing
1414

1515
### JWT (JSON Web Token)
1616
- [ ] Use a random complicated key (`JWT Secret`) to make brute forcing the token very hard.
17-
- [ ] Don't extract the algorithm from the payload. Force the algorithm in the backend (`HS256` or `RS256`).
17+
- [ ] Don't extract the algorithm from the header. Force the algorithm in the backend (`HS256` or `RS256`).
1818
- [ ] Make token expiration (`TTL`, `RTTL`) as short as possible.
1919
- [ ] Don't store sensitive data in the JWT payload, it can be decoded [easily](https://jwt.io/#debugger-io).
2020
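Review bot: the one-word change on the `17+` line is correct, since the `alg` value a verifier must not trust is carried in the JWT header rather than the payload, but the parenthetical `(\`HS256\` or \`RS256\`)` still reads as if the backend may accept either; consider wording the bullet so the backend pins exactly one expected algorithm and rejects any token whose header declares a different one, e.g. `Force a single algorithm in the backend (\`HS256\` or \`RS256\`, not both) and reject tokens whose header \`alg\` does not match.`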
