If you're working in FinTech, you might need to skip this technique. Everyone else should be doing this by default.
I don't understand this statement. Stimulus is JS. Why should the suggested controller exposure make any difference in FinTech compared to other areas?
Fair question, but you're reading into it too deeply.
Exposing the internal state of a controller theoretically exposes logic that might offer an attacker insight and therefore subtly increase the attack surface.
Yes, someone could go to the trouble of accessing the same data structures indirectly, but this makes it easy and direct.
It was ultimately a wink, not an actual warning.