Y
Hacker News
new
|
ask
|
show
|
jobs
by
yashafromrussia
3533 days ago
What kind of API design is this? Post data should be sent within the request's body over HTTPS. Not as a url query.
3 comments
mrcarrot
3533 days ago
Nowhere in the article does it say that the POST data was in the URL. As I understood it, he was editing the request body before the request was sent to PayPal's server.
link
continuational
3533 days ago
The URL is encrypted too, so what's the difference in terms of security?
link
ComodoHacker
3533 days ago
Does it matter in this case?
link