    396 points galnagli | 13 comments
    1. whatever1 ◴[] No.45674554[source]
    Just use a framework to build your site. Don’t reinvent the wheel!
    replies(4): >>45674712 #>>45674794 #>>45676337 #>>45677228 #
    2. ChaseRensberger ◴[] No.45674712[source]
    I respectfully disagree with this sentiment. I think that, in general, reinventing the wheel can be a great learning opportunity in understanding how the wheel works.
    replies(5): >>45674725 #>>45675267 #>>45675268 #>>45675502 #>>45677159 #
    3. AnimalMuppet ◴[] No.45674725[source]
    It can. But it can be very bad at producing wheels that don't break.
    replies(1): >>45674825 #
    4. motorest ◴[] No.45674794[source]
    > Just use a framework to build your site. Don’t reinvent the wheel!

    How do you arrive at that conclusion after reading an article on how an API had a broken access control vulnerability?

    replies(1): >>45674813 #
    5. renewiltord ◴[] No.45674813[source]
    He’s being sarcastic and suggesting using some out of the box rbac thing.
    6. adamtaylor_13 ◴[] No.45674825{3}[source]
    Not if you understand how the wheel works. That's the whole point.
    7. jonplackett ◴[] No.45675267[source]
    But maybe do that on a smaller scale personal project?
    8. catoc ◴[] No.45675268[source]
    Reinventing the wheel for Formula 1 driving…
    replies(1): >>45675471 #
    9. dmoy ◴[] No.45675471{3}[source]
    Depending on the wheel, maybe. Nowadays it's more standardized - same rims for example. The tires are standardized.

    There's a lot less freedom in reinventing the wheel in Formula 1 nowadays.

    https://www.formula1-dictionary.net/wheels.html

    The steering wheel of course isn't even a wheel anymore, for a long time. It's some video game console / airplane cockpit looking monstrosity.

    10. samarthr1 ◴[] No.45675502[source]
    I funnily just read a whole Twitter thread that had this same thesis, not 45 minutes ago... What a small world
    11. maxbond ◴[] No.45676337[source]
    There are some vulnerabilities frameworks can address wholesale (like CSRF or XSS) as long as you keep to the blessed way of doing things, but they aren't able to save you from a complete failure to build authorization into your API. Like how seatbelts save lives but can't stop you from accelerating directly into a pole if you choose to do so.
    12. atonse ◴[] No.45677159[source]
    Great to reinvent the wheel for your mom and pop blog, or to teach yourself these concepts and try to break in. But not for authn and authz for something official like this.
    13. zikani_03 ◴[] No.45677228[source]
    Mass assignment problems sometimes also come from (improper?) use of frameworks. This goes beyond frameworks and is more about how thorough the testing and review of the user account modification and access control are.
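Both of the points above (comment 11: a framework's CSRF/XSS protections do nothing for an endpoint that never checks authorization; comment 13: mass assignment from copying a request body straight onto a record) can be shown in one small handler. The following is an added example written for this thread, not code from the article or from any framework, and every user, id and request body in it is constructed; the store is a plain dict standing in for a database table.

```python
"""Constructed example: a user-profile update endpoint in two versions.

The 'vulnerable' version has two defects no web framework fixes for you:
  1. Broken object-level access control: it never asks whether the caller
     is allowed to modify the target user.
  2. Mass assignment: every key in the request body is written to the record,
     so a privilege flag like is_admin is silently writable.
The 'hardened' version adds an ownership check and a field allowlist.
"""
from dataclasses import dataclass, asdict


@dataclass
class User:
    id: int
    email: str
    display_name: str
    is_admin: bool = False


class Forbidden(Exception):
    """Caller is authenticated but not allowed to touch this object."""


class BadRequest(Exception):
    """Request body contains fields the caller may not set."""


def make_store():
    """Fresh in-memory 'users table' (constructed sample data)."""
    return {
        1: User(1, "alice@example.com", "Alice", is_admin=False),
        2: User(2, "bob@example.com", "Bob", is_admin=True),
    }


def update_profile_vulnerable(store, actor_id, target_id, payload):
    """'Before' state: any authenticated user can edit any user, and the
    whole JSON body is applied, including fields that grant privilege."""
    user = store[target_id]           # no check that actor_id owns target_id
    for key, value in payload.items():
        setattr(user, key, value)     # mass assignment: is_admin is writable
    return asdict(user)


# Fields a user may change on their own profile. Anything else is rejected
# rather than ignored, so an attempt to set is_admin is visible in logs/tests.
WRITABLE_FIELDS = {"display_name", "email"}


def update_profile_hardened(store, actor_id, target_id, payload):
    """'After' state: object-level authorization plus an explicit allowlist."""
    actor = store[actor_id]
    # Object-level authorization: only the owner or an admin may edit a profile.
    if actor_id != target_id and not actor.is_admin:
        raise Forbidden(f"user {actor_id} may not modify user {target_id}")
    # Allowlist the writable fields instead of trusting the body's key set.
    unknown = set(payload) - WRITABLE_FIELDS
    if unknown:
        raise BadRequest(f"fields not writable: {sorted(unknown)}")
    user = store[target_id]
    for key in WRITABLE_FIELDS & set(payload):
        setattr(user, key, payload[key])
    return asdict(user)


if __name__ == "__main__":
    # Alice (id 1, not an admin) sends a body aimed at Bob's record (id 2).
    body = {"display_name": "renamed", "is_admin": False}
    s = make_store()
    print("vulnerable:", update_profile_vulnerable(s, 1, 2, body))
    s = make_store()
    try:
        update_profile_hardened(s, 1, 2, body)
    except Forbidden as e:
        print("hardened:", e)
```

The two checks are independent: the ownership test alone would still let Alice set `is_admin` on her own record, and the allowlist alone would still let her rename Bob. Reviewing an account-modification endpoint means asking both questions, which is the testing-and-review point comment 13 makes.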