undefined | Better HN

0 pointslayoutIfNeeded5y ago0 comments

The problem is not that the endpoint is not available, rather that the endpoint is returning garbage on which the parser chokes. Of course you should always write parsing to be 100% resilient against any kind of garbage input (even malicious), but my point is that your marketing SDK could still be a ticking timebomb.

0 comments

jasonv5y ago

True, yes. But this is for a financial services mobile app... one of the first concerns was the user experience. The org is well versed in the other back-end security and data issues that also have to be looked at.

But if you're Facebook, and you're pushing your SDK as a great solution and it's embedded in high profile apps and you are letting this happen a couple of times, I get to make fun of you. (a dollop of sarcasm, to be sure..)

j / k navigate · click thread line to collapse

0 pointslayoutIfNeeded5y ago0 comments

0 comments

jasonv5y ago

j / k navigate · click thread line to collapse