Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
umbrai_nation
on Oct 27, 2016
|
parent
|
context
|
favorite
| on:
Parsing JSON is a Minefield
Wait, so it creates a privileged session before verifying the password? That's your problem right there. A crash in the JSON processor (or anywhere else) is a minor blip compared to this godzilla bug of granting access before it's been earned.
mathw
on Oct 27, 2016
[–]
Spot on! But if the JSON parser couldn't crash on malformed input, that kind of whopping mistake would be a lot harder to exploit.
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search: