Posts

Featured post

JWT Security Concept

So the question is: if you can decode a JSON Web Token, how is it secure? JWTs can be either signed, encrypted, or both. If a token is signed but not encrypted, everyone can read its contents, but when you don’t know the private key, you can’t change it. Otherwise, the receiver will notice that the signature won’t match anymore.

Answer to your comment: I’m not sure if I understand your comment the right way. Just to be sure: do you know and understand digital signatures? I’ll just briefly explain one variant (HMAC, which is symmetrical, but there are many others).

Let’s assume Alice wants to send a JWT to Bob. They both know some shared secret. Mallory doesn’t know that secret, but wants to interfere and change the JWT. To prevent that, Alice calculates Hash(payload + secret) and appends this as the signature. When receiving the message, Bob can also calculate Hash(payload + secret) to check whether the signature matches. If, however, Mallory changes somethin...

Latest posts

RegEx, Pattern & Intro to databases | 30 days of Code | Hacker Rank Solution | Python

Testing - 30 days of code | Hacker Rank Solution | Python

Nested Logic - 30 Days of code| hackerRank Solution| Python

More Linked List Hacker Rank Solution

BST Level Order Traversal Hacker Rank Solution

Binary Search Tree Hacker Rank Solution

Generic Hacker Rank Solution

Sorting Hacker Solution

Running Time and Complexity Hacker Rank Solution

Queue Stack Solution Hacker Rank