DEV Community

loading...

Discussion on: Practical Rust Web Development - Authentication

Collapse
werner profile image
Werner Echezuría Author

Hi, thanks for reporting this, I'll fix it as soon as possible.

Regards.

Collapse
lightwizzard profile image
Jeffrey Scott Flesher

I was reading about security issues with jwt, I am looking at docs.rs/crate/rust-argon2/0.6.0 it uses Argon2i, I know you said you use it for its stateless features, but that is also an exploitable security risk, whereas Cookies are not the best way to stay stateless and be secure, you can use in-memory cookies or even in-memory sessions, you can even encrypt them, but passing them in json is a nightmare for middle man attacks, and in-memory are safer, and faster IMO.

I am working on this now, trying to come up with a better solution.