this is for holding javascript data
Alec Aivazis deleted JWTs_are_a_good_storage__.html
over 8 years ago
Commit id: 1ab341700aabae1b879c6db141fb044574b9ae7e
deletions | additions
diff --git a/JWTs_are_a_good_storage__.html b/JWTs_are_a_good_storage__.html
deleted file mode 100644
index 6eb3f37..0000000
--- a/JWTs_are_a_good_storage__.html
+++ /dev/null
...
JWTs are a good storage candidate because they allow for the client to be responsible for keeping track of the permissions of the currently logged in user. This removes the need for a session store in most cases which dramatically increases scalability and there are no more potential problem of synchronizing the store among processes with separate memory. However JWTs require a secret key to be decrypted which means it can't happen on the frontend with the same key that the server uses, say for its
csrf protection. A malicious visiter would be able to download the source code compiled on a few different views and look for similar strings. One of them would be the secret key so its easily brute-forcible.
diff --git a/layout.md b/layout.md
index fc5cc76..bdc45ba 100644
--- a/layout.md
+++ b/layout.md
...
untitled.html
JWTs_are_a_good_storage__.html
Because_of_this_it_s__.html
If_we_allow_ourselves_one__.html
How_do_we_store_the__.html