阅读背景:

为什么JSON Web Tokens(JWT)应该使用环境变量进行签名?

来源:互联网 

In various tutorials I'm finding them all saying that "JWTs should be signed by an environment variable and not hard-coded into an application". From a security standpoint, if a hacker were to gain access to my Node.js application's source code, I'm assuming they could also see the environment variables on the server's system? How is it inherently more secure to call an environment variable from within Node vs. hard-coding the app's source code?In various tutorials I'm finding them all sayin




你的当前访问异常,请进行认证后继续阅读剩余内容。

分享到: