Hacker News new | past | comments | ask | show | jobs | submit login

From what I've seen, most developers understand "the client's sent data cannot be trusted", but they fail to understand how much it entails. It's not merely the forms they send, it's all of it, cookies, user agents, internal tokens that pass through Javascript, whatever. If the client touched it, it's compromised!



Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: