this post was submitted on 26 May 2025
567 points (96.6% liked)

Cybersecurity - Memes

[–] Clent 1 points 1 month ago (4 children)

You are making an unfounded assumption that the password is sent to the client which does the check and then shows the message rather than the server doing the check and responding with the message back to the client.

[–] aesthelete@lemmy.world 1 points 1 month ago (3 children)

Nah I'm not, look above. There's a way to do this that isn't terrible. I just kinda assume that they aren't doing it properly because I've worked in software for decades.

[–] Clent 1 points 1 month ago (2 children)

No one is reimplementing their hashing algorithm in JavaScript. Doesn't matter how many decades in the industry you have, that's a silly assumption.

The parts of security here that involve best practices are invisible to the user. Things such as salting, which many do not do, but also how they handle the reset token, which many do not think about.

However, none of that makes a good meme for people cosplaying cyber security gurus.

[–] Vigge93@lemmy.world 1 points 1 month ago

You would assume that, but you would be very wrong. People are lazier/sloppier than you might think.

Searching for "client side authentication NVD" turns up a lot of examples. There is even a CWE for "Use of Client-Side Authentication":

https://cwe.mitre.org/data/definitions/603.html
