Merge pull request shieldfy#4 from lgommans/patch-1

Linked jwt.io for decoding
wahomins · Jul 9, 2017 · 4a879fb · 4a879fb
2 parents 216a137 + 489eb68
commit 4a879fb
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/README.md b/README.md
@@ -10,7 +10,7 @@ Checklist of the most important security countermeasures when designing, testing
 - [ ] Use random complicated key (`JWT Secret`) to make brute forcing token very hard.
 - [ ] Don't extract the algorithm from the payload. Force algorithm in the backend (`HS256` or `RS256`). 
 - [ ] Make token expiration (`TTL`, `RTTL`) short as possible.
-- [ ] Don't store sensitive data in the JWT payload, it can be decoded easily.
+- [ ] Don't store sensitive data in the JWT payload, it can be decoded [easily](https://jwt.io/#debugger-io).
 
 ### OAuth
 - [ ] Always validate `redirect_uri` on server side to allow only whitelisted URLs.