alt Hacker NewsThe amount of javascript is really beside the point here. The problem is that privileged users can easily edit the code without strong 2FA, allowing automatic propagation.
Replies
j45 • yesterday at 7:47 PM
It's not, application logic exposed on the client side is always an attack vector for figuring out how it works and how attack vectors could be devised.
It's simply a calculated risk.
How much business and application logic you put in your Javascript is critical.
On your second unrelated comment about Wikipedia needing to use 2FA, there's probably a better way to do it and I hope mediawiki can do it.
➕ show 1 reply
How does 2FA prevent this here?