Hacker News new | ask | show | jobs
by losvedir 65 days ago
It wouldn't prevent the admin page from exfiltrating data, though, right? Like, POSTing whatever data is loaded on the page to an arbitrary attacker controlled website.
1 comments
scarface_74 65 days ago
That would require the logged in user to do something stupid. That’s like saying what’s to prevent the authorized user from emailing his credentials to a random person.
link
dinkumthinkum 65 days ago
You may want to go back and ask the expert in that vibe coding equation if it would say this is a wise approach.
link