samsch

Stop using JWTs!

TLDR: JWTs should not be used for keeping your user logged in. They are not designed for this purpose, they are not secure, and there is a much better tool which is designed for it: regular cookie sessions.

If you've got a bit of time to watch a presentation on it, I highly recommend this talk: https://www.youtube.com/watch?v=pYeekwv3vC4 (Note that other topics are largely skimmed over, such as CSRF protection. You should learn about other topics from other sources. Also note that "valid" usecases for JWTs at the end of the video can also be easily handled by other, better, and more secure tools. Specifically, PASETO.)

A related topic: Don't use localStorage (or sessionStorage) for authentication credentials, including JWT tokens: https://www.rdegges.com/2018/please-stop-using-local-storage/

The reason to avoid JWTs comes down to a couple different points:

• The JWT specification is specifically designed only for very short-live tokens (~5 minute or less). Sessions

miguelmota

package crypto

import (
	"golang.org/x/crypto/blake2b"
)

// NewBlake2b256 ...
func NewBlake2b256(data []byte) []byte {
	hash := blake2b.Sum256(data)
	return hash[:]

joyrexus

collapsible markdown?

CLICK ME

yes, even hidden code blocks!

print("hello world!")

walm

package main

import (
	"fmt"
	"log"
	"strconv"

	"github.com/miekg/dns"
)

jagrosh

Step 1 - Make a Discord Webhook

1. Find the Discord channel in which you would like to send commits and other updates

2. In the settings for that channel, find the Webhooks option and create a new webhook. Note: Do NOT give this URL out to the public. Anyone or service can post messages to this channel, without even needing to be in the server. Keep it safe!

Step 2 - Set up the webhook on Github

1. Navigate to your repository on Github, and open the Settings

thomas11

import (
	"runtime"
	"time"
)

...

	go func() {
		for {
			var m runtime.MemStats