Image transcription: shows a red sign with white text that says “STRICTLY NO ACCESS” mounted on a metal gate. The gate appears to be part of a fence around a park, with trees visible in the background, but there is no fence around the gate or anywhere else.
(Originally published earlier today on mastodon.social)
I generally use this picture to explain client-side security to an unsuspecting audience.
Image transcription: A public emergency telephone with a sign stating “Only 911 can be dialed,” with the numbers 9 and 1 buttons taped to make it the only accessible dialing option.
There’s a difference between ‘I would rather the user didn’t do that’ and ‘We must not allow this to happen’.
User enters the empty string for their password recovery question? Don’t care. Let the frontend handle this. If the user is capable enough to disable the frontend validation, they’re capable of remembering their password.
User enters SQL as their password recovery question? Validate in the backend.
The key-code to open the gate is: 1234
They mean for wheelchairs.
window.isAuthenticated = true;
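The recovery-question rule from the thread and the client-side isAuthenticated flag, as an added example (not code from any poster): the frontend check is a courtesy that anyone can skip, while the backend derives authorization from its own session and passes the question to the database as a parameter. The request shape, the session object and the `db.run(sql, params)` stand-in are assumptions for this demo.

```javascript
// Added example: the "gate without a fence" in code. The frontend check is
// UX; only the backend check is a control. Request shape, session and db are
// assumptions made for this demo, not a real framework's API.

// Frontend (UX only): trivially skipped by editing the page or calling the API directly.
function clientValidate(question) {
  return question.trim().length > 0 ? null : "Please enter a recovery question";
}

// Constructed stand-in for a parameterized DB driver: records what it was asked to run.
function makeDb() {
  const rows = [];
  return {
    rows,
    run(sql, params) {
      // A real driver ships `sql` and `params` separately, so a value never becomes SQL text.
      rows.push({ sql, params: [...params] });
    },
  };
}

// Backend: the only place whose decisions count.
function handleRecoveryUpdate(req, session, db) {
  // 1. Authorization comes from the server-side session, never from the request body.
  //    A client-supplied `isAuthenticated: true` is the sign on the fence-less gate.
  if (!session || !session.userId) {
    return { status: 401 };
  }
  // 2. Shape-validate untrusted input (type and a sane length bound).
  if (typeof req.body.question !== "string" || req.body.question.length > 200) {
    return { status: 400 };
  }
  // 3. An empty question is the user's problem, not ours: accept it.
  // 4. SQL in the question is inert because the value travels as a bound parameter.
  db.run("UPDATE users SET recovery_question = ? WHERE id = ?", [req.body.question, session.userId]);
  return { status: 204 };
}
```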