
Wait, so it creates a privileged session before verifying the password? That's your problem right there. A crash in the JSON processor (or anywhere else) is a minor blip compared to this godzilla bug of granting access before it's been earned.



Spot on! But if the JSON parser couldn't crash on malformed input, that kind of whopping mistake would be a lot harder to exploit.



