
Wow, I wish people would stop complaining about JWTs..

JWTs are a silver bullet, but it's nicer than rolling your own signing scheme.

Don't run with scissors, don't do security if you don't understand your primitives..



The alternative to JWTs isn't rolling your own signing scheme. Use PASETO instead. https://paseto.io

But the issue being discussed in this article is about how JWTs are being used, not JWTs themselves.

> don't do security if you don't understand your primitives..

The security industry needs to do more to provide tools that do security for people who don't understand their primitives.


> JWTs are a silver bullet, but it's nicer than rolling your own signing scheme.

You can use HMAC to sign session cookies as well; the issue isn't about signing.



