0
I have an application that runs on one door and I need to call another application on another port, to pass a token.
Passing a token per query param in the url is good practice?
0No answers
Browser other questions tagged webrequest
You are not signed in. Login or sign up in order to post.
The problem is that this way the token is vulnerable so that anyone can intercept it. I have the same situation as you, and I ended up not being able to think of a solution, however my site has
https– Rodrigo K.B
But without the secret key, the token doesn’t get insecure. I’m using JWT and always need a secret key to do something, you know?
– Guilherme Nass
I suggest you take a test, take the token and use it in a request outside your client project. I have the same settings as you, and in my case I got access. That’s why I opted for
https, I also made my token have maximum validity of 24hs. But I still worry.– Rodrigo K.B