Comment by bcrosby95

Comment by bcrosby95 10 months ago

0 replies

View on Hacker News

It's interesting to see software engineers going from rolling their own auth, to not rolling their own auth, to not even noticing this quite blatant security problem.

It doesn't matter if you roll your own auth or not, you need to understand a very basic fundamental of it all: never trust the client.