hparadiz 7 hours ago
Not checking the signature on every single JWT is the same as storing a password in plain text.

Natfan a few seconds ago
worse, it's storing identities in an editable format that any attacker can use to impersonate any user, no?
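
An added example, not part of either comment above: a standard-library Python check of the point under discussion, where a decode-only reader accepts a token whose payload was edited and an HS256 verifier with a server-pinned algorithm rejects it. The key, claims and function names are constructed for illustration; expiry and audience checks are assumed to happen elsewhere.

```python
import base64
import hashlib
import hmac
import json

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mac(signing_input: str, key: bytes) -> bytes:
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def sign_hs256(claims: dict, key: bytes) -> str:
    parts = ({"alg": "HS256", "typ": "JWT"}, claims)
    body = ".".join(b64url_encode(json.dumps(p).encode()) for p in parts)
    return f"{body}.{b64url_encode(mac(body, key))}"

def with_edited_payload(token: str, claims: dict) -> str:
    # Constructed test input: original header and signature, different claims.
    header, _, sig = token.split(".")
    return f"{header}.{b64url_encode(json.dumps(claims).encode())}.{sig}"

def read_claims_unverified(token: str) -> dict:
    # The mistake the thread describes: decode the payload and trust it.
    return json.loads(b64url_decode(token.split(".")[1]))

def read_claims_verified(token: str, key: bytes) -> dict:
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        sig = b64url_decode(sig_b64)
    except ValueError:
        raise ValueError("malformed token") from None
    # Pin the algorithm on the server side; the token does not get to choose it.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    if not hmac.compare_digest(sig, mac(f"{header_b64}.{payload_b64}", key)):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(payload_b64))

if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed sample secret, not a real key
    edited = with_edited_payload(sign_hs256({"sub": "alice"}, key), {"sub": "bob"})
    print("unverified reader accepts:", read_claims_unverified(edited))
    try:
        read_claims_verified(edited, key)
    except ValueError as err:
        print("verified reader rejects:", err)
```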