

Rogers Phone Finder - What happens if you only learn jQuery - kenips
https://www.rogersphonefinder.com/

======
kenips
This is horrible, yet from Canada's largest(?) wireless carrier??

Checkout: <https://www.rogersphonefinder.com/javascripts/conf.js>
<https://www.rogersphonefinder.com/javascripts/fq.js>

and you can bypass all the business logic, including checking someone's
location I think.

Did I mention that they store your password in plaintext in a cookie?
#facepalm

~~~
lucisferre
I'm a bit confused: is the problem the fact that they implement a full API
client in javascript and you can read the code?

The plain-text password in the cookie seems to be its huge flaw, but I don't
see the problem with the fact that you can circumvent the javascript as long
as business rules are still validated on the server side.

~~~
kenips
Exactly, and they don't - it does return a random location when I put in a
random user_id (they simply expose a user object in the global space with all
sorts of attributes in it). They totally upped Apple's "Find My Friends" with
this "Find My Strangers" site.

