
Yep, just saying that if he's not malicious (intending to maximize harm to users), then he's an idiot for disclosing it this way.


Or just didn't know what the best practice was.

Since this is a flaw any user can run into, I wouldn't get so mad about someone who doesn't know best practice running into it.

I am much more concerned that such an obvious tractable flaw exists in the first place.



