
some_furry, yesterday at 11:14 PM

> At the very least you should propose an alternative that people use besides JWTs

PASETO: https://paseto.io

I thought this was common knowledge on HN?

> if you're going to vaguely hand wave about the scary security issues of 2021 firebase, and 2020 npm packages reported by Auth0.

These are issues caused by the JWT standard.

https://paragonie.com/blog/2017/03/jwt-json-web-tokens-is-ba...


Replies

big_youth, today at 12:25 AM

> I thought this was common knowledge on HN?

Just as an aside, I would never say this; this is why people hate security teams. I'm a security 'expert' with 15+ years in the industry, including speaking at DEFCON, Black Hat, and all that.

I had no idea about these issues and have never heard of PASETO until now! I'm actually a few months into my startup and we are using JWT for a lot of stuff, so this is very relevant. Thanks for sharing! But if I can't keep up with everything, then devs who don't do this all day simply cannot.

1oooqooq, today at 2:18 AM

It's not common knowledge on HN because 99% here are stuck with JWT, which only exists to sell auth SaaS subscriptions to people coding on Node.js, where the middleware to handle auth cannot talk to a database. It's crazy.