Toerktumlare

Results 13 issues of Toerktumlare

Setting JWTs in local storage is bad practice according to OWASP, and makes JWTs susceptible to session stealing through, for instance, an XSS. https://cheatsheetseries.owasp.org/cheatsheets/HTML5_Security_Cheat_Sheet.html#local-storage > Do not store session identifiers...

enhancement

Spring Security has had full JWT support since 2017. Writing a custom security solution with some sort of custom security filter is bad practice. That's why there are security standards, to...

Spring Security 5 has full support for JWT tokens so there is no need to write a custom JWT filter. [https://docs.spring.io/spring-security/site/docs/current/reference/html5/#oauth2resourceserver-jwt-architecture](https://docs.spring.io/spring-security/site/docs/current/reference/html5/#oauth2resourceserver-jwt-architecture) I would even go as far as to say that...

I was just wondering if it is possible to include the checksum for each release, provided in maybe the release notes. Would be nice to be able to ensure download source...

https://github.com/SaiUpadhyayula/angular-reddit-clone/blob/598e431a2861e1b1586ee1ffd4555a1ea059861d/src/app/auth/shared/auth.service.ts#L46 Storing JWTs in local storage is a security risk according to OWASP. LocalStorage is accessible from JavaScript, which means in case of an XSS any token can be...

Storing tokens in memory is a huge security risk when it comes to XSS attacks. If a malicious actor manages to perform such an attack, the actor can use the clients...

When installing core on, for example, a Debian 10 machine, [instructions](https://docs.microsoft.com/en-us/dotnet/core/install/linux-debian) tell us to download `packages-microsoft-prod.deb` and run to install gpg key and apt-repository. I have not been able to...

## This issue is a.... [ ] Bug [x] Other kind of issue (Please describe in detail) ## Current Behavior cloned the repo built it using the install script. Ran...

**Is your feature request related to a problem? Please describe.** I am an intermediate Java developer that spent 3 hours reading about GraphQL, I am at the moment developing a...

enhancement
documentation

**Is your feature request related to a problem? Please describe.** After looking at the WebFlux examples, reading more I finally got GraphQL working in my WebFlux application. Had to downgrade...

enhancement