chore: update docs #28
Conversation
README.md
Outdated
| - Stored in some external services like KMS, Vault or something similar | ||
| - Read at run-time and supplied in this option | ||
| - Long enough | ||
| - Truly random sequence of characters |
There was a problem hiding this comment.
Is there a module or service we can recommend to generate this?
There was a problem hiding this comment.
Added hyperid & crypto-random-string
There was a problem hiding this comment.
I don't think hyperid can be considered a truly random char sequence generator in the sense we intend here. It does generate unique ids, just not random
There was a problem hiding this comment.
I just thought a generated hyperid string is good enough for a cookie secret, but yes, technically you're right.
Removed it.
There was a problem hiding this comment.
In this context it isn't. If you can guess what id is generated and you get hold of an encrypted cookie, you can decrypt it. In this context we need cryptographically secure secrets.
README.md
Outdated
| - Long enough | ||
| - Truly random sequence of characters | ||
|
|
||
| Apart from these safeguards, it's extremely important to use HTTPS for your website/app to avoid a bunch of other potential security issues like [MITM](https://en.wikipedia.org/wiki/Man-in-the-middle_attack) etc. |
There was a problem hiding this comment.
Maybe add a link to letsencrypt
Checklist
npm run testandnpm run benchmarkand the Code of conduct