Y
Hacker News
new
|
ask
|
show
|
jobs
by
dsacco
4177 days ago
Yes, that's exactly what I mean. Treat all user-input (and by extension, client-side anything) as dangerous. A server putting a security protocol in the hands of the client when it is not unavoidable is usually bad.