Hacker News
by rcthompson 4115 days ago
There's no point in trying to verify that your app is running the server-side code it claims to be running. That still doesn't prevent you from logging into your own server as root and taking everyone's data. If you have people's data unencrypted on your server, they are ultimately trusting you with it, not your app. Part of that is trusting your app not to have a security hole that leaks data to third parties, and verification could help with that. But it won't help with securing user data against a malicious sysadmin.