Hacker News new | past | comments | ask | show | jobs | submit login

Wonderful, thank you [edit] thinking this through.... but regardless of how the api works, is it not possible that you (cloudflare) could just have the list and check yourselves since you know the submitted password?

It could be a value added service for all your customers.

[Sorry for the late edit, not being evil here].




If you read the details of Troy's API you'll see that at no time does the password or even a hash of the password leave the computer of the person using the API.


Yep, I was sort of on the wrong tack. The api is fine, it just seems like an unnecessary dance for cloudflare integrated services since you have the password anyway.


The entire dataset is available for download, so everyone can do the check themselves if they want to.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: