Hacker News new | ask | show | jobs
by pavel_lishin 4249 days ago
Who was replacing numbers with asterisks, and for what purpose?
2 comments
pilif 4249 days ago
That was a "privacy" mode of some personal firewall that was protecting the user's phone number from leaking out.

Incidentally, this has leaked the users phone number because only that specific numer was being replaced with asterisks.

Welcome to the world of very crappy "security" (-theater) end-user products.

link
goleksiak 4249 days ago
The asterisks hide this request's BasicAuth credentials between the cellular printer and our app servers...we don't transmit customer phone numbers between the printer and our app servers. Twilio transmits them to our app servers but that is HTTPS
link
pilif 4249 days ago
I think pavel_lishin was referring to a side-note in my war-store I listed as the parent comment.
link
pavel_lishin 4249 days ago
Yup.
link
goleksiak 4249 days ago
ah - my bad
link
goleksiak 4249 days ago
I didn't want to hang our BasicAuth creds out to dry
link
lclarkmichalek 4249 days ago
You were sending them over http, so aren't they already kinda fucked?
link
goleksiak 4249 days ago
y, true
link
pavel_lishin 4249 days ago
Oh, I was asking pilif to comment about their experience.
link