How Not to Write an API

by
in code on (#3FD)
While creating an Android App for Criticker, a movie review and recommendation website, this author found some interesting security holes in their API.

Who knew that a LookupPassword function that returned any user's password in plain-text would be a bad idea?

Deeper problem (Score: 5, Insightful)

by mth@pipedot.org on 2014-03-10 15:06 (#CG)

It is not just a bad idea to return a password through an API; a properly designed application wouldn't even be able to offer such an API call because it would store password hashes instead of actual passwords.
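As an added illustration of the point above (example code, not from Criticker or the commenter): a user store that keeps only salted PBKDF2 hashes and exposes nothing resembling a LookupPassword call. The `UserStore`, `hash_password` and `verify_password` names and the record format are assumptions made for this example.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional

# Assumed parameters for this example: PBKDF2-HMAC-SHA256 with a per-user random salt.
PBKDF2_ITERATIONS = 600_000
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = PBKDF2_ITERATIONS) -> str:
    """Return a self-describing record: 'pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>'."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # fresh salt per password, so equal passwords hash differently
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the digest from the stored salt and compare in constant time."""
    try:
        algo, iterations, salt_hex, digest_hex = record.split("$")
    except ValueError:
        return False  # malformed record, never accept it
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)


class UserStore:
    """Holds only password hashes: the plaintext is never stored, so it cannot be returned."""

    def __init__(self, iterations: int = PBKDF2_ITERATIONS) -> None:
        self._iterations = iterations
        self._records: Dict[str, str] = {}
        # Dummy record so an unknown username costs the same time as a wrong password.
        self._dummy = hash_password("", iterations=iterations)

    def register(self, username: str, password: str) -> None:
        self._records[username] = hash_password(password, iterations=self._iterations)

    def authenticate(self, username: str, password: bool) -> bool:
        record = self._records.get(username)
        if record is None:
            verify_password(password, self._dummy)
            return False
        return verify_password(password, record)
```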