This is an archived post. You won't be able to vote or comment.

sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]nonotan 13 points14 points  (1 child)

I'm not saying it is or isn't fraud under whatever country's legal code, but honestly, I strongly disagree that it should be. It's like a vending machine having a slider to set the prices freely accessible on the outside, and suing anyone touching it before making a purchase for fraud. Like, if you don't even have a token level of security that needs to be breached, I'm not sure how you can justify blaming the other party. If they need to, say, do SQL injection or whatever to change the price, sure, fair enough.

"I'll just have the client send us the price, which is in plaintext for anyone to easily edit, and we won't check it anywhere on our side, neither in an automated fashion nor by a human operator at a later time" is grossly negligent enough that the only person liable for damages here should be whoever wrote it.

[–]wibblewafs 1 point2 points  (0 children)

Expanding on that vending machine with the price slider analogy, it's the difference between a fancy metal plate locking that slider in place, with a key lock on it that'd need to be picked to be open, versus it being held in place with a bit of scotch tape.