Test your Understanding 4.4

sseifried

Hi,

I just finished section 4.4 talking about "trust boundaries" and that you cannot trust any input from a non-trusted environment (in this case the web browser). So how can it be, that the first answer "the server can trust the client data" is correct? To my understanding, even the detailed explanation suggests that the "cannot" answer should be the correct one. Either this is an error, or I missed something in the fine-print of the question. Anyone dare to explain? Btw. non-native english speaker here.

dharmon

Hi @sseifried ,

Thank you for flagging this. This was an error, and the wrong answer was marked correct. The question has been updated to reflect that client data crossing a trust boundary should not be trusted.

Thanks for calling this out.

David H.
Linux Foundation Education

koyomi

@sseifried @dharmon Thank you for updating.