#backend

Articles tagged with #backend

Stop Putting Secrets in process.env: Encrypt Env Vars with AWS KMS
After a CVSS 10.0 RCE (CVE-2025-66478), we stopped trusting process.env. Here’s what I built instead
Feb 21, 202610 min read10
JWT vs PASETO vs Session-Based Auth
Secure Token Systems: What to Use and When
Jun 23, 20255 min read94
How to Prevent Replay Attacks with JWTs: JWS vs JWE and Fingerprint Validation in Node.js
JWTs are signed — but that doesn't make them safe from being reused by attackers
Jun 6, 20254 min read31