Notes taken between: 25-01 February/March 2019
Some JWT libraries treated tokens signed with the none algorithm as a valid token with a verified signature. The result? Anyone can create their own "signed" tokens with whatever payload they want, allowing arbitrary account access on some systems. Source: https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/
Creating a public/private key pair:
openssl genrsa -out app.rsa 2048
openssl rsa -in app.rsa -pubout
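The none-algorithm flaw noted above comes from letting the token header decide how the token is verified. As an added example (not from the original notes or the Auth0 post), here is a verifier that pins RS256 for a key pair like the one generated above. `VerifyRS256`, `SignRS256`, `demoKey` and the sample payloads are hypothetical names and constructed values.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)
var b64 = base64.RawURLEncoding // JWT segments are unpadded base64url
var demoKey, _ = rsa.GenerateKey(rand.Reader, 2048) // throwaway key standing in for app.rsa

// VerifyRS256 (hypothetical name) pins the algorithm in code; the token header cannot choose it.
func VerifyRS256(token string, pub *rsa.PublicKey) ([]byte, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, fmt.Errorf("malformed token")
	}
	hdrJSON, err1 := b64.DecodeString(parts[0])
	sig, err2 := b64.DecodeString(parts[2])
	if err1 != nil || err2 != nil {
		return nil, fmt.Errorf("bad base64url encoding")
	}
	var hdr struct{ Alg string `json:"alg"` }
	if json.Unmarshal(hdrJSON, &hdr) != nil || hdr.Alg != "RS256" {
		return nil, fmt.Errorf("algorithm %q not allowed", hdr.Alg) // "none", "HS256", typos, ...
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig); err != nil {
		return nil, fmt.Errorf("signature verification failed")
	}
	return b64.DecodeString(parts[1]) // payload is returned only after the signature checks out
}

// SignRS256 builds constructed sample tokens for the demo; it is not a full JWT issuer.
func SignRS256(payload string, key *rsa.PrivateKey) string {
	msg := b64.EncodeToString([]byte(`{"alg":"RS256"}`)) + "." + b64.EncodeToString([]byte(payload))
	digest := sha256.Sum256([]byte(msg))
	sig, _ := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	return msg + "." + b64.EncodeToString(sig)
}

func main() {
	_, okErr := VerifyRS256(SignRS256(`{"sub":"alice"}`, demoKey), &demoKey.PublicKey)
	_, noneErr := VerifyRS256(b64.EncodeToString([]byte(`{"alg":"none"}`))+".e30.", &demoKey.PublicKey)
	fmt.Println("signed:", okErr, "| alg=none:", noneErr)
}
```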
- alternative to ctrl+c:
history | grep <insert search term>
- pprof package: its profiling information is useful for tracking down memory leaks or deadlocked mutexes.
- globals should be avoided because if one is modified, all uses of it need updating as well.