Comments
-
Obv bc the techpriests need jobs. If it weren't for the rites of diagnostics, the Imperium of Man would fall to chaos.
-
@SortOfTested It was because of the tech that humanity had fallen into an age of darkness in the first place...
-
This, this is why we PHP and C# (and to some degree, ASP) developers still exist.
Without us security doesn't exist.
-
@Gregozor2121
Hey, foundry worlds are still running, war machine keeps rolling.
-
@PlatinumFire Without you guys only real security can exist. Security that relies on client-side encryption, that is. For some reason nobody does that, though.
-
@Lor-inc Because while it's great on paper, there isn't a reliable idiot-proof way to pull it off.
-
@PlatinumFire What does idiot-proof mean in this context? The user doesn't have to care any more than that they should back up their keys because if they lock themselves out their data is lost forever.
-
@Lor-inc you've pretty much nailed it on the head.
They WILL lose it, they'll start using a single 3rd party service to store their keys, assuming it's not in the browser (none of which are very secure) not to mention browser auto-fill features.
As I said, it's a great idea on paper.
-
@PlatinumFire The user's computer and password manager are attack vectors regardless of e2e. The difference is that with e2e neither the provider's security, nor their greed are additional risks.
-
@Lor-inc I personally think we'd see a new kind of credential management, one that due to the increased complexity (not for me or you, but definitely the average end user) would make it easier to at least trick people.
And in a world where "only" 11% of your employees falling for phishing is considered "very good" relatively speaking, I've seen enough to not have any trust in the end users.
On paper it's fine, for techies who understand the technologies and risks it's fine, but in reality the harder you make it for the average user, the more they'll ignore why they needed it in the first place and work around it.
Using online password managers is a perfect example of this.
Why do we need a backend?