Don't rely on client side data. Pin certificates in mobile apps. | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

nstj on April 10, 2016 | parent | context | favorite | on: Domino's: Pizza and Payments

Don't rely on client side data. Pin certificates in mobile apps.

Spivak on April 11, 2016 [–]

You're still trusting client side data. What's stopping a more advanced user from replacing your pinned cert with theirs.

Don't do any payment processing client side. Your app should be a pretty interface to the actual service running on your servers.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact