Riverfount
@riverfount@bolha.us
Passionate and creative Python Developer and Open Source contributor. A tireless worker and quick learner obsessed with delivering value with quality software.
bolha.us
@riverfount@bolha.us · Mar 26, 2026
New blog post: JWT: three mistakes everyone makes in their first implementation
You copy the PyJWT example, it works, and you think you're done. But the default implementation has three serious problems: accepting the algorithm the token declares, no revocation, and a weak secret.
For each mistake: the mechanism, how to exploit it, and how to fix it.
https://riverfount.dev.br/posts/jwt_tres_erros/
#python #segurança #jwt #autenticação
wtfismyip
@wtfismyip@gnu.gl
I toot and boost random #cloud, #infosec, #IPv6, #Linux and #BSD stuff. Frequently #profane. Only CVEs are from before CVEs were cool. Brought to you by https://wtfismyip.com/
gnu.gl
High severity authorization #vulnerability in Keycloak:
- Of course it’s because of JWT
- If a project whose sole purpose is authn/authz is getting #JWT wrong, you probably are too.