Yeah, front-end security is pretty important, and should always be considered (and combined with back-end security).
I teach sometimes, and one of my favourite 'hacks' to blow the students' minds is to use the inspector to change form field types and classes :')
"Your field is secured by type AND JS? Well, no more type, and no more JS event {if it's based on the form class}. Now I can input whatever I want..."
Like a blog comment
or
Always add a backend verification, and prevent stuff when displaying public/user inputs !
:D
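As an added example (not code from the thread's author): the same blog-comment form checked again on the back end, treating the request body exactly as if it had been sent with curl, so it does not matter what `type=`, class or JS handler the inspector removed. The field names, the size limits and the sample request bodies are all assumptions made up for the example.

```javascript
// Added example, not from the original thread. Field names and limits are
// assumptions; the "request bodies" below are constructed, not captured.
const MAX_COMMENT_LEN = 2000;
// Control characters other than tab/newline have no business in a comment.
const CONTROL_CHARS = /[\u0000-\u0008\u000B\u000C\u000E-\u001F\u007F]/;

// Validate the raw request body. With JSON an attacker can send a number,
// array or object where the form would have produced a string, so every
// field is type-checked before any string method is called on it.
function validateComment(body) {
  if (typeof body !== 'object' || body === null || Array.isArray(body)) {
    return { ok: false, errors: ['body must be a JSON object'] };
  }
  const errors = [];
  const { author, email, text } = body;

  if (typeof author !== 'string' || author.trim().length === 0 || author.length > 80) {
    errors.push('author: must be 1-80 characters');
  }
  // Deliberately simple shape check; it mirrors what the front-end regex
  // would have done, but here it cannot be switched off in DevTools.
  if (typeof email !== 'string' || !/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email)) {
    errors.push('email: invalid');
  }
  if (typeof text !== 'string' || text.trim().length === 0 || text.length > MAX_COMMENT_LEN) {
    errors.push(`text: must be 1-${MAX_COMMENT_LEN} characters`);
  } else if (CONTROL_CHARS.test(text)) {
    errors.push('text: control characters are not allowed');
  }

  if (errors.length > 0) return { ok: false, errors };
  // Note what is NOT rejected: '<' and '>' are legal in a comment. HTML is a
  // display problem, handled at render time, not a validation problem.
  return {
    ok: true,
    comment: { author: author.trim(), email: email.trim().toLowerCase(), text },
  };
}

// "Prevent stuff when displaying": escape at output, for the HTML context.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

function renderComment(comment) {
  return `<li><b>${escapeHtml(comment.author)}</b>: ${escapeHtml(comment.text)}</li>`;
}

// Constructed request bodies: one from the untouched form, one from a form
// whose types were edited in the inspector (or from curl, same thing).
const legitBody = { author: 'Ada', email: 'ada@example.com', text: 'Nice post!' };
const tamperedBody = { author: ['admin'], email: 'not-an-email', text: '<script>alert(1)</script>' };

for (const body of [legitBody, tamperedBody]) {
  const result = validateComment(body);
  console.log(result.ok ? renderComment(result.comment) : result.errors);
}
```

Two things worth noticing: the tampered body fails on `author` and `email` only, because a `<script>` tag is a perfectly valid comment string, and the escaping is done by `renderComment` at display time rather than by stripping tags on the way in. The email regex is deliberately shallow; it is there to show that the same rule has to exist on the back end, not to be a complete address validator.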
"Always add a backend verification, and prevent stuff when displaying public/user inputs !"
YELL THAT FOR THE PEOPLE IN THE BACK.
I've gotten into arguments with BE devs who think that since I'm doing regex on the FE, you don't need it on the back. *squints eyes* Then I remind them that you can bypass FE things if your setup doesn't account for that, or if there's a Man In The Middle attack: how do you safeguard the BE? I tend to remind them that the FE should be dumb as rocks, with some nice bells and whistles.
--- But that last one is more of my opinion shrug
Feel free to address them my kind regards then
and they definitely should check their database inputs :') thepracticaldev.s3.amazonaws.com/i...