alt Hacker NewsIt wouldn't prevent the admin page from exfiltrating data, though, right? Like, POSTing whatever data is loaded on the page to an arbitrary attacker controlled website.
It wouldn't prevent the admin page from exfiltrating data, though, right? Like, POSTing whatever data is loaded on the page to an arbitrary attacker controlled website.
That would require the logged in user to do something stupid. That’s like saying what’s to prevent the authorized user from emailing his credentials to a random person.