How Not to Write an API

by
in code on (#3FD)
While creating an Android app for Criticker, a movie review and recommendation website, this author found some interesting security holes in their API.

Who knew that a LookupPassword function that returned any user's password in plain text would be a bad idea?

Re: Deeper problem (Score: 1)

by bryan@pipedot.org on 2014-03-10 20:46 (#DB)

I think, thus far, the trig CAPTCHA on the sign-up form may have averted the first round. Now, if I could only find some wood to knock on...