Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

That's not how security should work. The default should be no-access, so that missing a line of code or making a small mistake leads to too much restriction rather than not enough. That would also help the developer notice the mistake, since the feature wouldn't work.


Agreed, but you'd be hard-pressed to find any site that has that as the standard (much less a social site, with so many inter-weaving connections), that isn't crammed down their throat by laws. Even then it's still hard to get (and keep) it correct 100% of the time, and stands in the way of making changes and new features, which are what keep social sites alive and competitive.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: