I plan to use JSON Web Tokens for a new web application that I am developing in Angular 2. Since I have not used them before, I am reading some tutorials to understand how they work. I read in an online resource that unprotected JWTs are rarely found in practice. I was wondering whether signature and encryption add any additional security benefits in the following (general) use case:
I am developing an application that creates price cards / posters for a company that owns a couple of consumer electronics stores. Basically, all users send the price map format and some formatting details to the backend. As a result, a PDF is created and returned by the backend to my application.
This is a simple application that has one task (I would suspect that most web applications look like this?). Why should I perform verification (signature) and security (encryption) if this application is served through a secure TLS connection? Wouldn’t it be superfluous and only slow down my application? Or is signing and encryption just the best practice that should be implemented as far as possible?