How Not to Write an API

by
in code on (#3FD)
While creating an Android App for Criticker, a movie review and recommendation website, this author found some interesting security holes in their API.

Who knew that a LookupPassword function that returned any user's password in plain-text would be a bad idea?

Re: Deeper problem (Score: 5, Informative)

by bryan@pipedot.org on 2014-03-10 15:08 (#CJ)

And don't forget to salt them too! Lots of people always seem to forget the salt.
Post Comment
Subject
Comment
Captcha
The number of body parts in the list chest, rainjacket, brain, arm and eye is?