
Anything when not used as it was designed to be used is dangerous.

JWT is a very useful technology, one that increases UX by decreasing overall latency.

Any technology can be "abused" or used by people that do not understand how it works, and as a result you will have an insecure system.




The technology here is digital signatures.

JWT is a standard for using that technology, and one that makes several design decisions which make it fragile.

This is the difference between, say, the idea of a car (and the benefits thereof) and a Ford Pinto.



