Comments
-
You're lucky, when I opened the browser devtools on my netbank portal my account got locked, my IP blacklisted and I had to go in personally and talk to a really unfriendly middle aged customer service lady who was convinced I broke my contract by trying to "reverse-engineer" the portal.
-
Banking and finance is ridden with a mixture of old age and bureaucracy and the unwillingness of government to adapt to digitalization (hence e.g. laws that make no sense at all) ...
It's a _miracle_ these things work at all. -
Actually, it's your misunderstanding here. Logs of any level are fine in the client, as by definition there are no secrets to access (unless there is poor implementation of the APIs, in which case you have a bigger problem altogether).
Admittedly it's not very polished for a site to have many logs, but go look at the console logs on Facebook or other sites. Lots of sites either issue warnings or otherwise other logs (sometimes even fun easter eggs!) to the console. -
flask343y@fullstackchris Logging which deprecated frameworks you're using with the name and version number is a security consideration.
In my opinion it's also not necessary and rather unprofessional to log several js objects containing api endpoints, menu items and other stuff though that was not the stuff bugging me out. -
jeeper58103y@lbfalvy imagine if they had put as many resources into real security as they did into detecting if dev tools were opened
-
mr-user13503y@lbfalvy
How can a website detect that you opened dev tools?
I thought the server does not know anything you do client-side. -
flask343y@d4ng3r0u5 If my web app is using deprecated tools I'd rather not have everyone know about it.
Related Rants
Just started Online Banking at my bank. Checked how much money I have and what I can do on the website.
Afterwards I opened the dev tools and see that there is a js warning. So I open the console and the fucking first thing I see is: Loglevel set to INFO. WHAT THE FUCK?!?
Other things I found out:
API Endpoints are logged here. Two deprecation warnings for a function used. A warning about a deprecated service used.
The log level is now set to WARN. Several more deprecation warnings for the framework from before.
The fuck is this?
rant
banking app
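
The rant and the comments above turn on what a production page volunteers in the console: the log level, API endpoints, and the names and versions of deprecated components. One way a front end can limit that is sketched below as an added example, not part of the original rant or of any bank's code; `gateConsole`, `scrub` and both patterns are hypothetical names and heuristics chosen for illustration.

```javascript
// Added example; gateConsole, scrub and the patterns are hypothetical names.
// Severity rank per console method; "log" is treated like "info".
const RANK = new Map([["debug", 10], ["log", 20], ["info", 20], ["warn", 30], ["error", 40]]);

// Heuristics (assumptions): absolute URLs and /api/ paths, and "name 1.2.3",
// "name@1.2.3" or "name/v1.2.3" component strings. Over-matching is accepted.
const ENDPOINT_RE = /https?:\/\/[^\s"']+|\/api\/[^\s"']*/g;
const VERSION_RE = /\b[A-Za-z][\w.-]*[@ \/]v?\d+(?:\.\d+){1,3}\b/g;

function scrub(arg) {
  if (typeof arg === "string") {
    return arg.replace(ENDPOINT_RE, "[endpoint]").replace(VERSION_RE, "[component]");
  }
  if (arg instanceof Error) return `${arg.name}: ${scrub(arg.message)}`;
  // Config and menu objects are dropped whole rather than walked for secrets.
  if (arg !== null && typeof arg === "object") return "[object omitted]";
  return arg; // numbers, booleans and undefined pass through
}

// Wraps the console methods in place so that third-party code calling
// console.warn() directly is filtered too. Returns a function that undoes it.
function gateConsole(target, level = "error") {
  // "silent" drops everything; an unknown level falls back to "error".
  const threshold = level === "silent" ? 99 : (RANK.get(level) ?? 40);
  const original = {};
  for (const [name, rank] of RANK) {
    original[name] = target[name];
    target[name] = (...args) => {
      if (rank < threshold) return;
      original[name].apply(target, args.map(scrub));
    };
  }
  return () => Object.assign(target, original);
}

// In a production bundle this would run before any framework code loads:
// gateConsole(console, "error");
```

The endpoints stay visible in the browser's network tab, so this only reduces what the page volunteers; it does not hide anything from someone who looks.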