Files
mayfly-go/server/config.yml.example
saa99999 a17fa5a103 Fix CWE-347: JWT algorithm confusion + CWE-798: hardcoded credentials in example config (#131)
- Add HMAC algorithm verification in ParseToken to prevent JWT algorithm
  confusion attacks (CWE-347). Reject tokens with non-HMAC signing methods.
- Replace hardcoded secrets in config.yml.example with empty values
  (JWT key, DB password, AES key) to prevent users from deploying with
  weak/known credentials (CWE-798).
2026-05-27 19:10:12 +08:00

1.7 KiB
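The ParseToken hardening this commit describes, shown as an added example rather than mayfly-go's own code: a standard-library Go verifier that pins the signing method to HS256 before any signature check, so a token whose header claims "none" or "RS256" is refused even when its HMAC happens to verify. The function names, the `MintToken` helper (which deliberately forges arbitrary `alg` headers for test input) and the key are assumptions made for the example.

```go
package main
import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"strings"
)
var b64 = base64.RawURLEncoding
var ErrBadAlg = errors.New("jwt: unexpected signing method")
func hmacSHA256(key []byte, msg string) []byte {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(msg))
	return m.Sum(nil)
}

// ParseHS256 verifies a compact JWT and returns its claims. The alg check runs
// before any signature work, so "none"/"RS256" headers are rejected outright.
func ParseHS256(token string, key []byte) (map[string]any, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("jwt: malformed token")
	}
	var hdr struct{ Alg string `json:"alg"` }
	h, err := b64.DecodeString(parts[0])
	if err != nil || json.Unmarshal(h, &hdr) != nil {
		return nil, errors.New("jwt: bad header")
	}
	if hdr.Alg != "HS256" { // pin the algorithm; never let the token choose it
		return nil, ErrBadAlg
	}
	sig, err := b64.DecodeString(parts[2])
	if err != nil || !hmac.Equal(hmacSHA256(key, parts[0]+"."+parts[1]), sig) {
		return nil, errors.New("jwt: signature mismatch")
	}
	var claims map[string]any
	p, err := b64.DecodeString(parts[1])
	if err != nil || json.Unmarshal(p, &claims) != nil {
		return nil, errors.New("jwt: bad payload")
	}
	return claims, nil
}
// MintToken builds a token with any alg header; constructed test input only.
func MintToken(alg string, claims map[string]any, key []byte) string {
	h, _ := json.Marshal(map[string]string{"alg": alg})
	p, _ := json.Marshal(claims)
	body := b64.EncodeToString(h) + "." + b64.EncodeToString(p)
	return body + "." + b64.EncodeToString(hmacSHA256(key, body))
}
```

Pairing this with a startup check that refuses an empty `jwt.key` closes the loop on the config.yml.example change: the parser never falls back to a known or empty secret.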