You can never trust a client you don't have absolute control of. Unless you have such control, you can only assume the client is compromised.
I understand that your scenario calls for trust where none is warranted†. That's risk. And your mitigation is to be clear how you handle a compromise (likelihood).
†As do probably 99.9% of sites on the Internet.