Cake day: June 21st, 2023

  • It’s a “tool for the job” game. I don’t trust a junior developer to write a login system. I’ve found security flaws in login systems written by senior developers who “know what they’re doing™”. Unless I’m the expert in a given domain, it’s better to trust something written by those experts.

    For the record (since it’s fixed anyway), I discovered a common login timing vulnerability on one of our production systems that had been in place for nearly 15 years. Luckily we didn’t have enough traffic for anyone to notice it before me.