How Not to Write an API
While creating an Android App for Criticker, a movie review and recommendation website, this author found some interesting security holes in their API.
Who knew that a LookupPassword function that returned any user's password in plain-text would be a bad idea?
Who knew that a LookupPassword function that returned any user's password in plain-text would be a bad idea?
(signed: Doesn't double check his answers....)