re: Securing Node.js RESTful APIs with JSON Web Tokens

re: Thank you for your reference. One security minded remark: You should never return a "user not found" message (or that the password is wrong) to the...

Yes, I agree fully. For demo purposes, I've made the explanations and code examples as simple as possible. But, I'd always suggest only returning a vague message such as "The credentials you entered are incorrect."

The password reset you mentioned is also a very delicate matter. I would never risk having it any other way than through e-mail instructions.

Thanks for this feedback and I'm glad you liked the article. :)
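
The uniform failure response discussed in this exchange, as an added example that is not part of the comment above or of the original article. The in-memory user store, the `login` function, the response shape and the choice of scrypt are all assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Hash a password with scrypt (assumption: the real app may use bcrypt or another KDF).
function hashPassword(password, salt) {
  return crypto.scryptSync(password, salt, 32);
}

function makeUser(email, password) {
  const salt = crypto.randomBytes(16);
  return { email, salt, hash: hashPassword(password, salt) };
}

// Constructed sample store; a real API would query its database here.
const users = new Map([
  ['alice@example.com', makeUser('alice@example.com', 'correct horse battery')],
]);

// Placeholder record with a random password, so that a lookup for an
// unknown e-mail still performs one full hash computation.
const DUMMY = makeUser('', crypto.randomBytes(16).toString('hex'));

const FAILURE_MESSAGE = 'The credentials you entered are incorrect.';

function failure() {
  return { status: 401, body: { auth: false, message: FAILURE_MESSAGE } };
}

// Returns the same status and body for "no such user" and "wrong password",
// and does the same hashing work in both cases so response time does not
// reveal which accounts exist.
function login(email, password) {
  const user = users.get(String(email).toLowerCase());
  const record = user || DUMMY;
  const candidate = hashPassword(String(password), record.salt);
  const match = crypto.timingSafeEqual(candidate, record.hash);
  if (!user || !match) return failure();
  // Token issuance is omitted; the caller would sign and attach a JWT here.
  return { status: 200, body: { auth: true } };
}
```

The same idea applies to the password reset endpoint: respond identically whether or not the address is registered, and send the instructions only by e-mail.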
