
I got the point exactly, and the paragraph under the example states:

> The obvious problem with this is that we’re given a reference to the product, and not the product itself.

Which isn't the most obvious problem with this example.

You might want to read: https://www.owasp.org/index.php/REST_Security_Cheat_Sheet


