- cross-posted to:
- netsec
- hackernews@lemmy.smeargle.fans
- netsec
- cross-posted to:
- netsec
- hackernews@lemmy.smeargle.fans
- netsec
This article is a great example why you should use your own router instead of ISP provided one
This article is a great example why you should use your own router instead of ISP provided one
I’m not a programmer but is it normal that the login page contains the whole main JavaScript code of a logged in user?
Also, what’s the point of having this kind of client side api? Because you can never trust the client shouldn’t be everything server side and only return a html page with the data related to your account?
It doesn’t matter that website loads javascript code for logged in user, as you need a token (which server will give you after a successful login) to authenticate to apis, it is pretty common to do that way
There wasn’t a client side API, but the API was missing crucial validation of user input (eg only checking the mac address but didn’t check who is actually authenticated)