
Commit e43fa39

Merge pull request #129 from okdt/patch-2
Payload to Header
2 parents 0c76eeb + 5751ba5 commit e43fa39

1 file changed

Lines changed: 1 addition & 1 deletion

File tree

README.md

Original file line number | Diff line number | Diff line change
@@ -14,7 +14,7 @@ Checklist of the most important security countermeasures when designing, testing
1414

1515
### JWT (JSON Web Token)
1616
- [ ] Use a random complicated key (`JWT Secret`) to make brute forcing the token very hard.
17-
- [ ] Don't extract the algorithm from the payload. Force the algorithm in the backend (`HS256` or `RS256`).
17+
- [ ] Don't extract the algorithm from the header. Force the algorithm in the backend (`HS256` or `RS256`).
1818
- [ ] Make token expiration (`TTL`, `RTTL`) as short as possible.
1919
- [ ] Don't store sensitive data in the JWT payload, it can be decoded [easily](https://jwt.io/#debugger-io).
2020
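Review bot: the one-word fix is correct and worth merging: the `alg` value that an attacker can tamper with sits in the JWT header (the first base64url segment), not in the payload, so the old wording pointed readers at the wrong part of the token. One follow-up for the same checklist line: "Force the algorithm in the backend (`HS256` or `RS256`)" would be stronger if it said the verifier must be configured with an explicit allow-list of accepted algorithms so the library never consults the token's `alg` at all, and that the list should match the key type in use (only the symmetric or only the asymmetric option, not both), since accepting both with one key is what algorithm-confusion bugs rely on.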
