I have a little app that uses JWT to make some transactions (on a virtual “currency”, like tokens or points or credits). I don’t need it to be super secure (it’s only going to be online for maybe 6 hours), and adding a database just increases overhead and response time from the server for every transaction.
For example, say a JWT contains the user’s current balance. It is signed by the server and sent to the client. Then, the client sends back the JWT every time it makes a transaction.
Are JWTs secure enough to create that I can just verify the signature and skip checking from DB? In my example, can I just proceed with the transaction without checking from a DB whether the user has enough balance to proceed with the transaction?
2 posts - 2 participants