Weak obfuscation of web requests — for example, signing tokens with a secret that is hardcoded in the source — makes your application vulnerable to unauthorized access. Using stronger obfuscation, such as loading the secret from the environment at runtime, significantly reduces the chances of attacks due to unauthorized access.
// Token signing/verification library used by the examples below.
const jwt = require('jsonwebtoken');
/**
 * Noncompliant example: signs `payload` with a secret embedded in the code.
 * Note: `payload` is not defined in this listing; it is assumed to be in scope.
 */
function weakObfuscationOfRequestNoncompliant() {
  // Noncompliant: the signing secret is a hardcoded literal, so it ships with
  // the source and cannot be rotated without a code change.
  const hardcodedSecret = "secret";
  jwt.sign(payload, hardcodedSecret);
}
// Token signing/verification library used by the example below.
const jwt = require('jsonwebtoken');
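/**
 * Compliant example: signs `payload` with a secret read from the environment
 * rather than a literal in the source.
 * Note: `payload` is not defined in this listing; it is assumed to be in scope.
 *
 * @returns {string} the signed JWT
 * @throws {Error} if JWT_TOKEN_SECRET is unset or empty, so a missing
 *   deployment secret fails loudly instead of being passed on to `jwt.sign`
 */
function weakObfuscationOfRequestCompliant() {
  // Compliant: secret is properly loaded from environment variables.
  const secret = process.env.JWT_TOKEN_SECRET;
  // Fail fast: an absent or empty secret must never reach the signing call.
  if (typeof secret !== 'string' || secret.length === 0) {
    throw new Error('JWT_TOKEN_SECRET is not set');
  }
  return jwt.sign(payload, secret);
}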