undefined | Better HN

0 pointsrrrhys4y ago0 comments

Whole implementation? It's probably the edge cache catching a cookie on the way out, a toggle box somewhere.

0 comments

Yes?

The session layer should confirm and only accept that the other SSL-endpoint is an authenticated app. The app should do this as well.

If a toggle box exists that can cause this, I'd wonder how much of else of the implementation is worth saving.

dustinmoris4y ago

With all respect, I don't disagree with your assumption about a silly cache somewhere, but that is sort of my point, if such a severe privacy and security vulnerability can be introduced by a single toggle box somewhere then the architecture of their platform is hugely lacking IMHO. This is not a cat photo sharing platform but a fin-tech business and there should be more layers to security than a single toggle box.

j / k navigate · click thread line to collapse

0 comments

johbjo4y ago

Yes?

The session layer should confirm and only accept that the other SSL-endpoint is an authenticated app. The app should do this as well.

If a toggle box exists that can cause this, I'd wonder how much of else of the implementation is worth saving.

dustinmoris4y ago

j / k navigate · click thread line to collapse