| ▲ | Thaxll 9 hours ago | |
If you have access to the local machine no language will save you. | ||
| ▲ | OhMeadhbh 9 hours ago | parent | next [-] | |
Sure. But there are several graduations of threat between "zero access" and "complete access." On the intarwebs, every request is from a potential attacker. Attackers are known for violating RFC3514, so it is frequently useful to build a trust model and use existing access control mechanism to deny "sensitive" data (or control functions) to protocol participants who cannot verify their identity and/or access permission. These models can get complex quickly, but are nevertheless important to evaluate a system's specified behaviour. No system is perfect and your mileage may vary. | ||
| ▲ | edoceo 9 hours ago | parent | prev [-] | |
To oversimplifiy, it's like the same-ish risk level as JS or PHP or Ruby? (assuming the underlying algorithm is good) | ||