Do all the things like ++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatarSign Up
hitko103519dNo need to implement advanced security features, when you can just make it illegal to challenge them and prosecute whoever tries.
Anyone who has seen healthcare.gov would not be surprised by this.
@wannabe If it's something like the one they use here in Spain…
Right off the bat, it was found that any user logged in could access any case from anyone just by changing the ID in the URL, with no access control whatsoever.
This was their defense:
The system is perfectly closed and secure, as long as it's used lawfully and ethically.