FACN3 / spend500

week 7 project

Hardcoded and guessable JWT secret #41

Open des-des opened 6 years ago

des-des commented 6 years ago

Your JWT secret should be a long random string. Also, it should not be hard coded. https://github.com/FACN3/spend500/blob/master/src/handlers/handleCreateUser.js#L79

MynahMarie commented 6 years ago

Done. Created a script to generate a random string and put that script in git ignore. Ran the script once from terminal and added the environmental variable SECRET to config.env file... Is that the correct way?

des-des commented 6 years ago

@MynahMarie that sounds fine!
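
The approach discussed in this thread, as an added example that is not code from the spend500 repository: generate the secret once, keep it in `config.env`, and fail closed at startup if `SECRET` is missing or guessable. The function names, the 32-byte minimum and the distinct-character heuristic are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// Assumption: 32 random bytes (256 bits), matching HMAC-SHA256 used by HS256.
const MIN_SECRET_BYTES = 32;

// Run once from a git-ignored script and paste the result into config.env.
function generateSecretLine() {
  return 'SECRET=' + crypto.randomBytes(MIN_SECRET_BYTES).toString('base64');
}

// Minimal KEY=VALUE parser for a config.env-style file (no quoting or escapes).
function parseEnvFile(text) {
  const out = {};
  for (const line of text.split(/\r?\n/)) {
    const trimmed = line.trim();
    if (!trimmed || trimmed.startsWith('#')) continue;
    const eq = trimmed.indexOf('='); // split on the first '=' only; base64 padding stays in the value
    if (eq > 0) out[trimmed.slice(0, eq).trim()] = trimmed.slice(eq + 1).trim();
  }
  return out;
}

// Fail closed: throw at startup instead of falling back to a default secret.
function loadJwtSecret(env) {
  const secret = env.SECRET;
  if (!secret) throw new Error('SECRET is not set');
  if (Buffer.byteLength(secret, 'utf8') < MIN_SECRET_BYTES) {
    throw new Error('SECRET is too short');
  }
  // Heuristic (assumption): a random base64 string has many distinct characters.
  if (new Set(secret).size < 10) {
    throw new Error('SECRET has too few distinct characters');
  }
  return secret;
}
```

Call `loadJwtSecret(process.env)` once at startup, after `config.env` has been loaded, and pass the returned value to the JWT signing and verification calls.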