Monthly Archives: June 2014
Securing secret token by generating new token dynamically
Many of us already know the reason to omit pushing secret token into version repository to secure the application. Attacker can take the secret token and re-generate valid cookies for your applications or check out what other users have inside their account. The solution is to: Generate manual key Not push the token into version…