For this particular threat vector, where the client is compromised, the backend ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		blr_lpm 25 days ago \| parent \| context \| favorite \| on: Vaultwarden commit introduces SSO using OpenID Con... For this particular threat vector, where the client is compromised, the backend doesn’t matter.

franga2000 25 days ago [–]

A compromised server can inject exfil code into the web page it serves. If you only ever use the apps then you should be fine though.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact