Hacker News new | past | comments | ask | show | jobs | submit login

Why the downvote? This is extremely relevant. There is no 100% security, there is no reason to store sensitive information (even "encrypted").

Had this been a session token the problem would have been less severe (session tokens won't be reused on the user's Gmail account for instance), easier to detect, and easier to mitigate once discovered.

> Why the downvote?

Probably because of this:

> Hmm. Seems on par with the security of pretty much every angularjs site i've seen. Moving on.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact