₿. (@briac_dev)
377 posts
Talk about dev, saas, seo, sec https://t.co/RsxX1hFrev https://t.co/hWRICNs2lq [email protected]
Joined October 2019
213 Following, 37 Followers
Stella | Indie hacker @StellaSLcode
Who has tested OpenAI's translator (apparently not them, at any rate 🤣)?
[image]
₿. @briac_dev
@VadimStrizheus splorix.com scans your infrastructure in real time to detect, prioritize, and fix security vulnerabilities with clear and actionable results. It also monitors domains similar to yours in real time so you can detect phishing & nuisance attempts before your users do.
[image]
Vadim @VadimStrizheus
Happy Monday Founders! Share what you’re building this week. 👇
[image]
₿. @briac_dev
@1Umairshaikh splorix.com scans your infrastructure in real time to detect, prioritize, and fix security vulnerabilities with clear and actionable results. It also monitors domains similar to yours in real time so you can detect phishing & nuisance attempts before your users do.
[image]
Umair Shaikh @1Umairshaikh
What are you building this week? Drop your project URL. Let’s drive some traffic.
₿. @briac_dev
Splorix is now LIVE! 🚀 Looking for beta testers to:
✔️ Test the platform
✔️ Find bugs
✔️ Share feedback & advice
Splorix scans your infrastructure in real time to detect, prioritize, and fix security vulnerabilities with clear and actionable results. It also monitors domains similar to yours in real time so you can detect phishing & nuisance attempts before your users do.
Completely free, no credit card required! ✅
👉 Want to help? DM me and go to splorix.com
[image]
Bart ⚡ @bzagrodzki
Giving away backlinks. Drop your website below 👇
[image]
₿. @briac_dev
JWT Alternatives: When Not to Use JWTs
JWTs aren’t always the best choice. Consider alternatives when:
❌ You need to revoke tokens early (JWTs are stateless; revocation requires a blacklist).
❌ You’re dealing with highly sensitive data (use encrypted tokens like JWE instead).
❌ You need fine-grained permissions (consider OAuth2 + opaque tokens).
₿. @briac_dev
JWT Security Best Practices
JWTs are powerful, but misconfigurations can lead to major vulnerabilities. Here’s how to stay safe:
✅ Never hardcode secrets in your code (use environment variables).
✅ Rotate keys periodically (especially if a breach is suspected).
✅ Use strong keys (2048+ bits for RSA, 256+ bits for ECDSA).
✅ Always set an exp claim (short-lived tokens are safer).
✅ Use refresh tokens for long-lived sessions (instead of extending JWT expiry).
✅ Avoid localStorage (vulnerable to XSS).
✅ Prefer HttpOnly cookies (protects against XSS).
✅ Use Secure and SameSite flags for cookies.
✅ Always verify the signature before trusting a JWT.
✅ Check standard claims (exp, iss, aud).
✅ Reject tokens with alg: none (no signature = insecure!).
₿. @briac_dev
How to Read & Debug JWTs with jwt.io
jwt.io is a must-use tool for JWT debugging. Here’s how to use it:
1️⃣ Paste your JWT into the left panel.
2️⃣ Decoded Header & Payload appear on the right.
3️⃣ Verify the signature: For HS256, enter the secret key. For RS256, enter the public key (PEM format).
⚠️ Never paste production JWTs into public tools unless you’re okay with them being decoded.
₿. @briac_dev
Symmetric vs. Asymmetric Signing: HS256 vs. RS256
JWTs can be signed in two ways:
1. Symmetric (HMAC - HS256, HS384, HS512)
Uses a single shared secret key for signing and verification.
👍 Fast (less computational overhead) and simple to implement.
👎 If the key leaks, attackers can forge tokens. Not ideal for microservices (every service needs the same key).
2. Asymmetric (RSA - RS256, RS384, RS512 / ECDSA - ES256)
Uses a private key (to sign) and a public key (to verify).
👍 More secure (private key stays secret). Better for distributed systems (only the auth server needs the private key).
👎 Slower (more computational overhead) and requires key management.
₿. @briac_dev
The Signature: How JWTs Stay Secure
The signature is what makes JWTs trustworthy. It’s generated by:
1. Taking the Base64Url-encoded header + payload.
2. Signing it with a secret key (symmetric) or private key (asymmetric).
If the token is modified, the signature won’t match → rejected by the server.
Example (HS256):
[image]
₿. @briac_dev
🧵 [THREAD] JWT (JSON Web Tokens) Explained: Secrets, Public/Private Keys & jwt.io
JWTs are the backbone of modern authentication. But how do they really work? Let’s break down:
✅ How JWTs are structured
✅ Symmetric vs. asymmetric signing (HS256 vs. RS256)
✅ How to read & debug JWTs with jwt.io
✅ Security best practices
Let’s dive in! 👇
₿. @briac_dev
Payload (Base64Url decoded):
- sub: Standard claim for user identification.
- iat: When the token was issued.
- exp: Expiration time (not in this example, but critical!).
[image]
₿. @briac_dev
Decoding a JWT: Header & Payload
Let’s decode the example above:
Header (Base64Url decoded):
- alg: Algorithm used for signing (HS256 = HMAC-SHA256).
- typ: Token type (JWT).
[image]
₿. @briac_dev
JWTs 101: The Basics
A JSON Web Token (JWT) is a compact, URL-safe way to transmit data between parties as a JSON object. It’s signed, meaning you can verify its integrity.
A JWT has 3 parts, separated by dots (.):
1️⃣ Header – Contains the algorithm (alg) and token type (typ).
2️⃣ Payload – Contains "claims" (user data, expiration, etc.).
3️⃣ Signature – Ensures the token hasn’t been tampered with.
Example:
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c
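Added example (not part of the thread, written with Python's standard library only): it decodes the sample token above the way jwt.io's right-hand panel does, then signs and verifies HS256 tokens while applying the checklist the thread gives (algorithm pinned server-side so alg: none is refused, constant-time signature compare, exp required, iss/aud checked). It assumes the sample token was signed with jwt.io's well-known default secret "your-256-bit-secret", which the thread does not state; because that token carries no exp, full verification rejects it, which is the point the thread makes.

```python
import base64, hashlib, hmac, json, time

# Sample token from the tweet above (jwt.io's stock example). The secret is jwt.io's
# published default (assumption: the tweet does not state it) and is hard-coded only
# because this token is public; a real secret comes from the environment, never source.
SAMPLE_TOKEN = ("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."
                "eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ."
                "SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c")
SAMPLE_SECRET = b"your-256-bit-secret"

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def b64url_decode(seg):
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))  # restore stripped padding

def decode_unverified(token):
    """What jwt.io shows in its right-hand panel: header and payload, nothing trusted yet."""
    h, p, _ = token.split(".")
    return json.loads(b64url_decode(h)), json.loads(b64url_decode(p))

def sign_hs256(payload, secret):
    """Build header.payload, then HMAC-SHA256 that exact string with the shared secret."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(b64url_encode(json.dumps(part, separators=(",", ":")).encode())
                             for part in (header, payload))
    tag = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(tag)

def verify_hs256(token, secret, now=None, issuer=None, audience=None):
    """Return the payload only after signature and standard claims pass; else raise ValueError."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h, p, s = parts
    # The server pins the algorithm; the token never gets to pick it, so "none" is refused here.
    if json.loads(b64url_decode(h)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, (h + "." + p).encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s)):  # constant-time compare
        raise ValueError("bad signature")
    payload = json.loads(b64url_decode(p))
    now = time.time() if now is None else now
    if "exp" not in payload or now >= payload["exp"]:
        raise ValueError("missing exp" if "exp" not in payload else "expired")
    if (issuer is not None and payload.get("iss") != issuer) or \
       (audience is not None and payload.get("aud") != audience):
        raise ValueError("wrong iss/aud")
    return payload
```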
Kylian Khalifa @kylian_khalifa
This January is the last month in which I'll be steering the growth of @taap__it alone.
On February 1st, @taap__it will have a CMO.
We're once again going to have by far our best month; we'll probably finish at over $30,000.
The momentum is starting.
The advantage of momentum in software is that it never stops once you've done the groundwork well (your product).
You'll see that now everything is going to work out for us.
Everything will look "simple".
The truth is that I did everything to bring this moment about.
What's about to happen is only the result of all the compound interest accumulated over time, and the payoff for all the focus we've kept over these last months.
We won this first battle.
By bootstrapping.
And with nothing but product.
Now we're going to do real marketing, distribute this product, monetize it, sell it.
And not make the mistake every founder lucky enough to have a viral product in product-led growth makes: relying on it alone to grow.
The real work starts now 🏴‍☠️
₿. @briac_dev
Big news! Two projects are coming your way VERY soon. 👀 Free beta access to try them first, who’s ready?
[image]
₿. @briac_dev
API key management made simple & scalable. Built with Nuxt 4. What do you think? 👇 #Dev @Nuxt
₿. @briac_dev
Claude Code + Ollama Cloud = pure coding joy. No limits, smooth dev, and time for coffee ☕✨