Image transcripion: shows a red sign with white text that says “STRICTLY NO ACCESS” mounted on a metal gate. The gate appears to be part of a fence around a park, with trees visible in the background but there is no fence around the gate or anywhere else


(Originally published earlier today on mastodon.social)

  • bertrand 🏃 👨‍💻 🎸@piaille.fr
    link
    fedilink
    arrow-up
    18
    ·
    edit-2
    9 months ago

    I generally use this picture to explain client-side security to an unsuspecting audience

    Image transcription: A public emergency telephone with a sign stating “Only 911 can be dialed,” with the numbers 9 and 1 buttons taped to make it the only accessible dialing option.

  • bleistift2@feddit.de
    link
    fedilink
    arrow-up
    14
    ·
    9 months ago

    There’s a difference between ‘I would rather the user didn’t do that’ and ‘We must not allow this to happen’.

    User enters the empty string for their password recovery question? Don’t care. Let the Frontend handle this. If the user is capable enough to disable the frontend validation, they’re capable to remember their password.

    User enters SQL as their password recovery question? Validate in the backend.

    • XTornado@lemmy.ml
      link
      fedilink
      arrow-up
      1
      ·
      9 months ago

      The issue with your example is that it could be that there was a bug and the user didn’t disable the validation and intend to send an empty string.

  • Gokul Das@fosstodon.org
    link
    fedilink
    arrow-up
    1
    ·
    edit-2
    9 months ago

    How about input sanitization entirely on the client side? That’s what a university did with its exam results database. I wonder how many times it got hacked.

  • taanegl@lemmy.world
    link
    fedilink
    arrow-up
    1
    ·
    9 months ago

    Some fat cop in riot gear with mace and baton waiting behind the bushes. Like uh oh, 6 year old. Better use Mace Jr and the little pink nightstick.

  • bastian_5@sh.itjust.works
    link
    fedilink
    arrow-up
    1
    ·
    9 months ago

    It’s a suggestion, and just enough enforcement to stop people from accidentally wandering that way. Who knows, it might actually be a “don’t go this way, there’s something dangerous” kind of thing, or they could have actual security further along.