-
Notifications
You must be signed in to change notification settings - Fork 1.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
jwt签名内容包含了用户的密码,签名只可验证不能保密,会泄漏密码,只包含用户id就好了吧 #128
Comments
是的,看到将用户名和密码的信息摘要写了进去,后来我用的时候又改写的 |
我自己简单改了下,只存username,去掉password,有效期改为配置项了。 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
No description provided.
The text was updated successfully, but these errors were encountered: