- From: Bjartur Thorlacius <svartman95@gmail.com>
- Date: Fri, 24 Feb 2012 09:30:21 +0000
On Feb 24, 2012, at 12:18 AM, Michael Gratton wrote:
>> But in general, I recommend against this. Anything that can be computed
>> should be computed on the server to obtain the canonical value, otherwise
>> you open yourself up to attackers sending you inconsistent data.
>
> While for applications where trust is an issue one clearly needs to
> check calculations server-side, when it is not, however, this would be a
> welcome addition.

The principle of least authority applies. In general, neither the client nor the link he communicates over should be trusted unnecessarily.
Received on Friday, 24 February 2012 01:30:21 UTC