5 lines
291 B
Plaintext
5 lines
291 B
Plaintext
If a JSON Web Token (JWT) is not signed with a strong cipher algorithm (or not signed at all) an attacker can forge it and impersonate user identities.
|
|
|
|
* Don't use ``++none++`` algorithm to sign or verify the validity of a token.
|
|
* Don't use a token without verifying its signature before.
|