Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
mixedbit
on Feb 14, 2013
|
parent
|
context
|
favorite
| on:
Unofficial documentation of the Tesla Model S REST...
Hope this is secured against cross car request forgery.
driverdan
on Feb 14, 2013
[–]
My first thought was "Holy Shit! Cookie only authentication and you can unlock the doors, among other things!"
It's absolutely vulnerable to XSRF with cookie only authentication. This is a huge security issue.
Join us for
AI Startup School
this June 16-17 in San Francisco!
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
