
Fair point, but come on. Not returning the OTP (which is supposed to be a secret) in the response payload is common sense, whether you are a seasoned developer or a high school student.

It is also a commercial product, not something they made for fun:

    In-App Purchases
    - Cerca App $9.99
    - Cerca App 3 month $9.99
    - 10 Swipes $2.99
    - 3 Swipes $0.99
    - 5 swipes $1.99
    - 3 Searches $1.99
    - 10 Searches $3.99
    - 5 Searches $2.99


Sadly, it's not common sense. I've worked with dozens of people who just throw arbitrary state into front-end response payloads because they're lazy and just push to the front-end whatever comes from the service API.


> because they're lazy

Exactly my point. The reason is not being a university student. It's laziness, or not taking your job seriously.



