How Not to Write an API

by
in code on (#3FD)
While creating an Android App for Criticker, a movie review and recommendation website, this author found some interesting security holes in their API.

Who knew that a LookupPassword function that returned any user's password in plain-text would be a bad idea?

You have to wonder why.... (Score: 2, Interesting)

by billshooterofbul@pipedot.org on 2014-03-10 16:32 (#CV)

Some idiot developer needed that function, and didn't think it was a problem because it required a dev API key. He also ignored the fact that they were storing passwords in plain text. Well, I'll double check any API we ever create for something as stupid, though I'm not sure anyone who's ever worked with me was that dumb. And that's saying something.

First PipeDot post!