How Not to Write an API

by
in code on (#3FD)
While creating an Android App for Criticker, a movie review and recommendation website, this author found some interesting security holes in their API.

Who knew that a LookupPassword function that returned any user's password in plain-text would be a bad idea?

Deeper problem (Score: 5, Insightful)

by mth@pipedot.org on 2014-03-10 15:06 (#CG)

It is not just a bad idea to return a password through an API; a properly designed application wouldn't even be able to offer such an API call because it would store password hashes instead of actual passwords.
Post Comment
Subject
Comment
Captcha
If a person is called Emily, what is their name?