12

Ok so we just signed a new client with some "artificial intelligence" back-end...

To authenticate with their back end, they developed a FU**ING GET REQUEST so the username and password are passed in the URL.

Then we get a token that we pass in FU**ING GET REQUESTS to communicate with their "artificial intelligence enhanced" back end.

I can't even. I just can't.
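The design described in the post puts the credentials and the token in the request URL, and URLs are written to access logs and copied into Referer headers. The following is an added example, not code from the post or from the client's back end: it scans access-log lines for secrets in query strings and redacts them. The parameter names `username`, `password` and `token`, the endpoints and the log lines are all constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode, urlunsplit

# Assumed parameter names; the post does not say what the back end calls them.
SENSITIVE = {"username", "password", "token"}

# Constructed access-log lines in combined log format (not from the post).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /login?username=alice&password=hunter2 HTTP/1.1" 200 64 "-" "client/1.0"',
    '203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /predict?token=abc123&q=cats HTTP/1.1" 200 512 "-" "client/1.0"',
    '203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "POST /login HTTP/1.1" 200 64 "-" "client/1.0"',
    '198.51.100.9 - - [01/Jan/2024:10:00:03 +0000] "GET /static/app.js HTTP/1.1" 200 900 "https://api.example.test/predict?token=abc123" "browser/1.0"',
]

# Request line, status, size, then the quoted Referer field.
REQUEST = re.compile(
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" \d{3} \S+ "(?P<referer>[^"]*)"'
)

def redact(url):
    """Return (redacted_url, sorted list of sensitive parameter names found)."""
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    hits = sorted({k for k, _ in pairs if k.lower() in SENSITIVE})
    clean = [(k, "REDACTED" if k.lower() in SENSITIVE else v) for k, v in pairs]
    return urlunsplit(parts._replace(query=urlencode(clean))), hits

def scan(lines):
    """Return one finding per log field that carries a secret in its query string."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        # Both the request target and the Referer can carry the URL.
        for field in ("target", "referer"):
            redacted, hits = redact(m.group(field))
            if hits:
                findings.append((n, field, hits, redacted))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The POST line produces no finding because its credentials travel in the request body, which access logs do not record by default.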

Comments
  • 4
    The phrase "artificial intelligence" should have been your first indication. Hopefully your team is as wary as you are of this situation.
  • 1
    @bezorp we'll see how it goes with said "AI"... but I'm sure as hell not developing shit until they code a proper API.
  • 3
    Is your client a rock? Or a panda? Probably a rock because a panda wouldn't implement an auth system with GET requests.
  • 1
    Maybe teach them about POST? Also double-check to make sure they are at least using HTTPS... With people like that you can't assume anything.
  • 1
    @hexc yeah but HTTPS won't protect anything on GET requests. The URL can be intercepted.