| ▲ | mcintyre1994 4 hours ago | |
In what way is it harder to write a library that exfiltrates credentials passed to it in those languages? I’d think it’d be a bit easier because you could use the standard library instead of custom encryption, but otherwise pretty much the same. | ||
| ▲ | ashishb 4 hours ago | parent [-] | |
> In what way is it harder to write a library that exfiltrates credentials passed to it in those languages? It is not harder to write. It is more challenging to execute this attack stealthily. Due to the myriad behaviors of runtimes (browser vs. backend), frameworks (and their numerous versions), and over-dependency on external dependencies (e.g., leftpad), the risk in JS-based backends increases significantly. | ||