Front End OTP Verification

bad code Otp Client-side validation Code review jquery

Frontend Webdev Security Javascript Programming

1 hour ago 22,049 views 0 shares

Front End OTP Verification

frontend-memes, security-memes, javascript-memes, bad-code-memes, otp-memes | ProgrammerHumor.io

Someone named Suresh just committed a cardinal sin of web security. They're comparing the user's OTP input against a hidden field called otp_hidden... which exists in the DOM... on the client side... where literally anyone can just open DevTools and read it.

It's like putting a lock on your door but leaving the key taped to the doorknob with a sticky note that says "SECRET KEY - DO NOT USE". The entire point of OTP verification is that it should be validated server-side against what was actually sent to the user's phone/email. Storing it in a hidden input field defeats the purpose harder than using var in 2024.

The red circle highlighting this masterpiece is chef's kiss. This is the kind of code that makes security researchers weep and penetration testers rub their hands together gleefully. Never trust the client, folks.

More Like This

How To Ruin FrontEnd Developer Peace ☮️

Frontend Javascript

3 years ago 59.3K views 0 shares

How To Ruin FrontEnd Developer Peace ☮️ | developer-memes, frontend-memes | ProgrammerHumor.io

Content Tawanda Nyahuye S towernter How to end a frontend developer's career 08

Oopsie

Frontend Programming

4 years ago 67.8K views 0 shares

Oopsie | css-memes, oop-memes, ide-memes | ProgrammerHumor.io

Content Me: accidentally changes a small CSS property The site:

Realization

Frontend Programming Debugging

3 years ago 77.8K views 0 shares

realization | developer-memes, web developer-memes, web-memes, bugs-memes, bug-memes | ProgrammerHumor.io

Content Did you know? fb.comlegendaryfacts Spiders are the only web developers in the world that enjoy finding bugs

Tags Add( Post Tags Meta);

Frontend Programming Python Debugging

3 years ago 108.2K views 0 shares

Tags.Add(PostTags.Meta); | programming-memes, programmer-memes, html-memes, program-memes, array-memes, arrays-memes, debugging-memes, bug-memes, debug-memes, ML-memes, semicolon-memes, language-memes | ProgrammerHumor.io

Content Actually original and funny jokes relating to programming - Arrays start at 1 -Debugging sucks -language sucks -semicolons suck -last week's posts -way too much HTMI -humor easily understood by non-programmers -hello world

Programming socks

Frontend Programming Cloud

3 years ago 104.6K views 0 shares

Programming socks | programming-memes, web-memes, program-memes, security-memes, cloud-memes | ProgrammerHumor.io

Content Cisco Umbrella Cisco Umbrella CiscoUmbrella V You know that feeling of a new, snug pair of socks that makes you believe anything is possible? Yeah, well, we want to give ITsecurity folks that feeling - attend our webinar to receive a fresh pair! Bonus: Free Cisco Umbrella socks for attending! CISCO Cisco Cloud Security Live Demo Wednesdavs at 11 am PT 2 pm ET REGISTER NOW Cisco Cloud Security - Live Demo umbrella.com 17 7 Promoted 17 50 177

Intuitive User Interface

Frontend Webdev Programming Testing

10 days ago 258.3K views 3 shares

Intuitive User Interface

When developers think they've achieved UX perfection by making something "simple and intuitive," but users somehow find a way to use it in the most spectacularly wrong manner possible. That teapot has a perfectly functional spout, yet here we are watching tea arc through the air like some kind of caffeinated fountain. The gap between developer intent and user behavior is wider than the Pacific Ocean. You can spend weeks perfecting the user flow, adding tooltips, writing documentation, and conducting usability tests... only to watch users confidently ignore every design decision you made and create their own chaos. Pro tip: If you ever want to test your UI, don't give it to other developers. Give it to your non-technical relatives and prepare for your soul to leave your body.