Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I don't trust a site that stores my CC information in a cookie to always serve HTTPS pages.

Also you didn't address the most important point, PCI compliance.

The method Santander employs is unquestionably a bad way to do things.



If the cooke is set to secure it won't be sent in a non https request.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: