
475 points danielstocks | 1 comments
diveanon ◴[] No.27301440[source]
If you rely on your application layer to enforce data privacy instead of enforcing it in your storage layer, it's just a matter of time until you have an issue like this.

It says a lot about the security of their API and development culture that they are even struggling with something like this. This should be caught in the first architecture review session.

1. bni ◴[] No.27301550[source]
In my experience, very few have storage layer separation for customers' data. It's all logic in the application layer to control access.

Do you mean stuff like row-level security in the database tables?
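
Added example, not part of the thread: one form that storage-layer enforcement can take is PostgreSQL row-level security, the mechanism asked about in the reply above. The table, role, policy and setting names (`invoices`, `app_user`, `customer_isolation`, `app.customer_id`) and the sample rows are constructed for illustration.

```sql
-- Constructed schema and data; all names here are assumptions.
CREATE TABLE invoices (
    id           bigserial PRIMARY KEY,
    customer_id  bigint NOT NULL,
    amount_cents bigint NOT NULL
);
INSERT INTO invoices (customer_id, amount_cents)
VALUES (42, 1000), (42, 2500), (43, 9900);

-- The application uses a role that is neither superuser, table owner,
-- nor BYPASSRLS; those roles are not restricted by policies.
CREATE ROLE app_user NOLOGIN;
GRANT SELECT, INSERT, UPDATE, DELETE ON invoices TO app_user;
GRANT USAGE ON SEQUENCE invoices_id_seq TO app_user;

-- With RLS enabled and no matching policy, access is denied by default.
ALTER TABLE invoices ENABLE ROW LEVEL SECURITY;
-- Apply policies to the table owner as well (superusers still bypass).
ALTER TABLE invoices FORCE ROW LEVEL SECURITY;

-- USING filters rows that can be read, updated or deleted;
-- WITH CHECK rejects writes that would create another customer's row.
-- current_setting() with one argument raises an error if the setting
-- was never set, so a request with no customer context fails closed.
CREATE POLICY customer_isolation ON invoices
    FOR ALL TO app_user
    USING      (customer_id = current_setting('app.customer_id')::bigint)
    WITH CHECK (customer_id = current_setting('app.customer_id')::bigint);

-- Per request: bind the authenticated customer to the transaction.
BEGIN;
SET LOCAL ROLE app_user;
-- Third argument true = transaction-local, so the value does not
-- survive on a pooled connection reused by the next request.
SELECT set_config('app.customer_id', '42', true);

-- The application query has no WHERE clause on customer_id, yet only
-- the two rows belonging to customer 42 are visible.
SELECT id, customer_id, amount_cents FROM invoices;

-- Touching another customer's row matches nothing: UPDATE 0.
UPDATE invoices SET amount_cents = 0 WHERE customer_id = 43;
ROLLBACK;
```

An `INSERT` with `customer_id = 43` in the same transaction would be rejected by the `WITH CHECK` clause with a row-level security policy violation error.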