• xmunk@sh.itjust.works
    link
    fedilink
    arrow-up
    6
    arrow-down
    1
    ·
    10 months ago

    I’ve seen front ends that build queries that are blindly executed by the backend - I’ve seen GraphQL that allows the client to read arbitrary users’ passwords from the database - I’ve seen attack ships on fire off the shoulder of ori- whoops, wrong memory.

    Anyways, you can create vulnerabilities anywhere using anything - imo more server side logic might mean more vulnerabilities on the server but it means less vulnerabilities overall.