Notes taken between: 25-01 February/March 2019
known security issue to be mindful of when choosing a JWT library
some libraries treated tokens signed with the "none" algorithm as valid tokens with a verified signature. The result? Anyone can create their own "signed" tokens with whatever payload they want,
allowing arbitrary account access on some systems. https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/
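Added example (mine, not from the notes or the auth0 post) showing the difference in stdlib Python: a verifier that lets the token's header choose the algorithm accepts an alg=none token, while one that pins the expected algorithm server-side rejects it. The key and payloads are constructed test values.

```python
import base64
import hashlib
import hmac
import json

# Added example, not from the notes; key and payloads used with it are constructed.

def _b64url_decode(segment: str) -> bytes:
    # JWT segments are unpadded base64url; restore the padding before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign_hs256(payload: dict, key: bytes) -> str:
    """Issue a token the normal way: HS256 over header.payload with a server key."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url_encode(json.dumps(payload).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url_encode(sig)}"

def unsigned_token(payload: dict) -> str:
    """Test vector: alg=none with an empty signature, which a verifier must reject."""
    header = _b64url_encode(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{_b64url_encode(json.dumps(payload).encode())}."

def verify_trusting_header(token: str, key: bytes) -> dict:
    """The flawed pattern from the note: the token's own header picks the check."""
    header, body, sig = token.split(".")
    alg = json.loads(_b64url_decode(header)).get("alg")
    if alg == "none":  # treated as "verified" without any signature at all
        return json.loads(_b64url_decode(body))
    if alg == "HS256":
        expected = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
        if hmac.compare_digest(expected, _b64url_decode(sig)):
            return json.loads(_b64url_decode(body))
    raise ValueError("bad signature")

def verify_pinned(token: str, key: bytes, expected_alg: str = "HS256") -> dict:
    """Hardened: the server fixes the algorithm up front; the header must match it."""
    header, body, sig = token.split(".")
    if json.loads(_b64url_decode(header)).get("alg") != expected_alg:
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        raise ValueError("bad signature")
    return json.loads(_b64url_decode(body))
```

When evaluating a library, the unsigned_token vector is the check to run: a correct library must reject it regardless of what the header claims.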
RSA
creating a public/private key pair
openssl genrsa -out app.rsa 2048
openssl rsa -in app.rsa -pubout   (prints the PEM public key to stdout; add -out app.rsa.pub to save it to a file)
-
alternative to ctrl+c :
history | grep <search term>
-
pprof package. This profiling information is useful to track down memory leaks or deadlocked mutexes.
-
globals should be avoided: if one is modified, every use of it needs updating as well.