[DISCUSSION] turn off OOTB JWT authorization/SSO functionality

2019-01-19 Thread Michael Brohl
Hi all, during my work in [1] I realized that the OOTB JWT authorization / single sign-on is switched on by default. The logic to retrieve the secret key uses a default if there is no configuration in SystemProperty or security.properties. This makes it easy to prepare a JWT (e.g. by using [

Re: [DISCUSSION] turn off OOTB JWT authorization/SSO functionality

2019-01-19 Thread Shi Jinghai
I've just reviewed the code of the JWT implementation. Sorry for my bad English, I'm a bit lost: are we discussing which one is more secure, the Tomcat session or JWT? -----Original Message----- From: Michael Brohl [mailto:michael.br...@ecomify.de] Sent: 19 January 2019 19:58 To: dev@ofbiz.apache.org Subject: [DISCUSSION] t

Re: [DISCUSSION] turn off OOTB JWT authorization/SSO functionality

2019-01-19 Thread Michael Brohl
No, we are mainly discussing whether we should turn off the JWT functionality in the default setting and what could be done to make the current implementation more secure / fail-proof. On 19.01.19 at 16:54, Shi Jinghai wrote: I've just reviewed the code of the JWT implementation. Sorry for my bad English