teeth-gnasher | 1 year ago

The need to manage data access on the server does not go away when you stop using JavaScript. Is there something specifically about Swing that somehow provides proper access control, or is it simply the case that it is slightly more work to circumvent the front end when it doesn’t ship with built-in dev tools?

atomicnumber3|1 year ago

Did I say anything about access control? There's a big difference between "this has to happen server side for security reasons" and "this has to happen server side because our UI/client language is so hapless that it can't handle any amount of additional processing".

teeth-gnasher|1 year ago

The entire thread is about access control…

JS is perfectly powerful, if you don’t know how to use it that’s a good learning opportunity.

dylan604|1 year ago

The built-in dev tools are the key thing. If there was no way for the client to manipulate things, it wouldn't be too far off from other local apps. Reversing is always going to be a threat vector, but the low bar to entry of using the dev tools makes it a non-starter for me.

If using Ghidra was as simple as using the dev tools, the software industry would collapse.

noman-land|1 year ago

The built-in dev tools are fundamental to an open web. If you don't want someone to look at something in their own possession then don't send it to them in the first place. Obfuscating it is rude and is false security anyway.

The grand rule is don't trust the client. People break this rule and then try to paper over it with obfuscation, blame, and tightening their control.

wiseowise|1 year ago

Oh, wow. So you’re one of those. Disregard what I said in my previous comment.