Hacker News
by gootik 4317 days ago
I don't think you're getting the point of the article. It is talking about dereferencing the STATE and the VALUE portions of a RESTful API. Not what's the most secure way of sending a credit card number over TCP/IP.
1 comments

I got the point exactly, and the paragraph under the example states:

> The obvious problem with this is that we’re given a reference to the product, and not the product itself.

Which isn't the most obvious problem with this example.

You might want to read: https://www.owasp.org/index.php/REST_Security_Cheat_Sheet