Hacker News
by jessaustin 4709 days ago
...or a client attack, or XSS, or poorly secured tokens, or whatever. If we always blame the user first, we're bound to miss something. Even if the fault were an insecure password, the admin site would still be to blame for not throttling and locking down the account in response to repeated attack.
1 comments

Fair point, Jess.