
Unfortunately, while a good practice, reading the code is not an iron-clad defense.

http://cm.bell-labs.com/who/ken/trust.html

To give one example of how this could fail, the server could return different code when the request referer is Facebook.
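A check for the Referer-dependent case described in the comment above, as an added example that is not part of the original comment: it requests the same URL under several Referer values and groups the responses by SHA-256. The function names, the `fake_fetch` stand-in server and the sample URLs are constructed for illustration.

```python
import hashlib
import urllib.request
from collections import defaultdict


def fetch_body(url, referer=None, timeout=10):
    """Fetch url, optionally sending a Referer header; return the raw body."""
    req = urllib.request.Request(url)
    if referer is not None:
        req.add_header("Referer", referer)
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read()


def group_by_digest(url, referers, fetch=fetch_body):
    """Map SHA-256 of the body -> list of Referer values that produced it."""
    groups = defaultdict(list)
    for ref in referers:
        digest = hashlib.sha256(fetch(url, ref)).hexdigest()
        groups[digest].append(ref)
    return dict(groups)


def varies_by_referer(url, referers, fetch=fetch_body):
    """True if at least two Referer values yielded different bodies."""
    return len(group_by_digest(url, referers, fetch)) > 1


# Constructed stand-in for a server that keys its response on the Referer,
# so the example runs offline. Both bodies are made-up sample data.
REVIEWED = b"function share(){ /* code the reviewer saw */ }"
OTHER = b"function share(){ /* different code */ }"


def fake_fetch(url, referer=None):
    if referer and "facebook.com" in referer:
        return OTHER
    return REVIEWED


# None means "send no Referer header at all".
REFERERS = [None, "https://example.org/", "https://www.facebook.com/"]

if __name__ == "__main__":
    url = "https://example.invalid/script.js"  # placeholder URL
    for digest, refs in group_by_digest(url, REFERERS, fake_fetch).items():
        print(digest[:16], refs)
```

A single digest across all Referer values only rules out this one variation; a server can also key on source IP, cookies, User-Agent or time, so a clean result does not show that every client receives the reviewed code.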



