
Don't you see some contradiction between your two sentences? You're attempting to recommend something that supposedly "magically" works so people using it don't need to understand the details about authentication. Seems like the quickest way to end up with all sorts of problems.



I read it as meaning "Don't implement it yourself if you're not ready to go deep down", not "do not use already battle tested".


I read it as "don't bother with details, just use this thing here that does a lot of other things but happens to have a lib that might do it".

I think it's absolutely a good idea to use battle-tested code, but you need at least working knowledge of what you're doing to apply it properly. Same thing applies for crypto in general: you generally don't implement it yourself, you generally use battle-tested code, but you need to understand what you're doing. The idea that you can eliminate any of these steps and have something working properly is wishful thinking.


Haha, good point.

Like forgetting about disabling Meteor's 'autopublish' and 'insecure' packages that are enabled by default.



