by ajankovic 5036 days ago
Isn't this a fertile ground for exploits? Session hijacking comes first to mind.
1 comments

I've given some thought to that - it uses the same mechanisms as jsfiddle (different domains) and you can view the haxx code. As such CSRF should be fine and SSL isn't supported on public haxxlies.

I, however, wouldn't recommend signing in through the service :)