Hacker News new | comments | ask | show | jobs | submit login

When I read this I just started cackling like a mental patient.

The first thing that comes to mind is if this is on a well known framework, I want to know because those security defaults are awful.

However if these guys rolled their own API auth system and messed up something this simple, or deliberately modified framework defaults... I can't even imagine what conversations happened at their offices this morning.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact