this post was submitted on 18 Feb 2024
157 points (100.0% liked)

tails: A Place for Mastodon Posts

328 readers
1 users here now

A virtual community

Posts from Mastodon users, featured natively in a community, so you can view them without the need for them to be re-hosted or screenshoted, and reply to the original author and Mastodon respondents if you wish.

Has so far included content from Warsandpeas, Mr. Lovenstein, SMBC, Loading Artist, Low Quality Facts, nixCraft, ElleGray, and other interesting or provocative stuff I've random'd across on Mastodon.


Supported:
Comments & Upvotes
Unsupported:
Posts, Downvotes, & PD's Automod

founded 11 months ago
MODERATORS
 

Image transcripion: shows a red sign with white text that says "STRICTLY NO ACCESS" mounted on a metal gate. The gate appears to be part of a fence around a park, with trees visible in the background but there is no fence around the gate or anywhere else


(Originally published earlier today on mastodon.social)

top 16 comments
sorted by: hot top controversial new old
[–] bertrand@piaille.fr 19 points 10 months ago* (last edited 10 months ago) (1 children)

I generally use this picture to explain client-side security to an unsuspecting audience

Image transcription: A public emergency telephone with a sign stating "Only 911 can be dialed," with the numbers 9 and 1 buttons taped to make it the only accessible dialing option.

[–] TootSweet@lemmy.world 7 points 10 months ago (1 children)

Joke’s on them. The number I wanted to dial was 1-999-999-9999.

[–] uis@lemm.ee 2 points 10 months ago (1 children)
[–] bleistift2@feddit.de 14 points 10 months ago (1 children)

There’s a difference between ‘I would rather the user didn’t do that’ and ‘We must not allow this to happen’.

User enters the empty string for their password recovery question? Don’t care. Let the Frontend handle this. If the user is capable enough to disable the frontend validation, they’re capable to remember their password.

User enters SQL as their password recovery question? Validate in the backend.

[–] XTornado@lemmy.ml 1 points 10 months ago

The issue with your example is that it could be that there was a bug and the user didn’t disable the validation and intend to send an empty string.

[–] MugsysRapSheet@mastodon.social 7 points 10 months ago* (last edited 10 months ago)

The key-code to open the gate is: 1234

[–] dkloke@mastodon.social 5 points 10 months ago* (last edited 10 months ago)

they mean for wheelchairs.

[–] what_about_second_breakfast@mstdn.ca 2 points 10 months ago* (last edited 10 months ago)

window.isAuthenicated = true;

[–] gabik65@fosstodon.org 2 points 10 months ago* (last edited 10 months ago)

Reminds me of an "App" me and two of my friends made for an assignment in university :blobfoxblush:

[–] bastian_5@sh.itjust.works 1 points 10 months ago

It’s a suggestion, and just enough enforcement to stop people from accidentally wandering that way. Who knows, it might actually be a “don’t go this way, there’s something dangerous” kind of thing, or they could have actual security further along.

[–] mark@waterford.international 1 points 10 months ago* (last edited 10 months ago)

To be fair, I’d give up. Don’t want to get muddy shoes. Take the hint I say.

[–] bojanland@mastodon.online 1 points 10 months ago* (last edited 10 months ago)

When will Linux introduce the feature of a changeable name of the superuser? I don't like the name root, I want to change it on my system. Proper flexibility allows greater security as well as more fun for the user.

[–] ianbradbury@considerate.social 1 points 10 months ago* (last edited 10 months ago)

- in actuality the gate would be half that height.

[–] taanegl@lemmy.world 1 points 10 months ago

Some fat cop in riot gear with mace and baton waiting behind the bushes. Like uh oh, 6 year old. Better use Mace Jr and the little pink nightstick.

[–] goku12@fosstodon.org 1 points 10 months ago* (last edited 10 months ago)

How about input sanitization entirely on the client side? That's what a university did with its exam results database. I wonder how many times it got hacked.