
This reminds me of a contract I did. End users had complained that they were getting more spam after signing up for an account. I thought it must be a coincidence.

I jump into the Firebase console and look at the security rules.

  allow read, write: if true;

Turns out that the whole customer database was wide open. After fixing it up, I tried to work out how things had ended up like this. The entire system had been written by an intern...
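Added example, not part of the comment above or of any Firebase tooling: a small Python check that scans a Firestore-style rules file and reports every `allow` whose condition is literally `true`, together with the `match` path it applies to, so a rule like the one quoted can be caught in review or CI. The sample ruleset, its collection names and the function names are constructed for illustration; only the literal `if true` form (optionally parenthesised) is detected.

```python
import re

# Constructed sample ruleset (not from the thread); collection names are hypothetical.
SAMPLE_RULES = """\
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match /customers/{doc=**} {
      allow read, write: if true;  // open to anyone
    }
    match /profiles/{uid} {
      allow read, write: if request.auth != null && request.auth.uid == uid;
    }
  }
}
"""

TOKEN = re.compile(
    r"\bmatch\s+(?P<path>(?:/(?:\{[^}]*\}|[^/\s{}]+))+)\s*\{"    # match /a/{b} {
    r"|\ballow\s+(?P<ops>[^:;]+?)\s*:\s*if\s+(?P<cond>[^;]+);"   # allow x, y: if cond;
    r"|(?P<open>\{)|(?P<close>\})"                               # any other brace
)

def strip_comments(text):
    """Blank out /* */ and // comments while keeping line numbers stable."""
    text = re.sub(r"/\*.*?\*/", lambda m: "\n" * m.group().count("\n"), text, flags=re.S)
    return re.sub(r"//[^\n]*", "", text)

def find_open_rules(rules_text):
    """Return (line, path, operations) for each allow whose condition is literally true."""
    text = strip_comments(rules_text)
    scopes, findings = [], []
    for m in TOKEN.finditer(text):
        if m.group("path"):
            scopes.append(m.group("path"))
        elif m.group("open"):
            scopes.append("")  # service/function block: adds nothing to the path
        elif m.group("close"):
            scopes = scopes[:-1]
        elif re.sub(r"[\s()]", "", m.group("cond")) == "true":
            line = text.count("\n", 0, m.start()) + 1
            ops = [op.strip() for op in m.group("ops").split(",")]
            findings.append((line, "".join(scopes), ops))
    return findings

if __name__ == "__main__":
    for line, path, ops in find_open_rules(SAMPLE_RULES):
        print(f"line {line}: {path} allows {', '.join(ops)} to anyone")
```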



The first rule of programming is make it work.

The last rule of programming is make it secure.

At least this appears to be the case from observation.



