I was just thinking how the developer of kbin made a post regarding a similar bug in kbin and some people made fun of him for missing something so obvious, and here we are 🤨
If you are creating some software in 2023, it should not be vulnerable to SQL injection.
There’s no “but” or “unless”.
I really wished the presentation layer and session management had that kind of clear interfaces, instead we are stuck into only solving some 99.9% of CSS and 90% of CSRF. But SQL injection is 100% complete solved for good.
The difference is that here lots of people posted about it and action was taken. If this was corporate owned, any suggestions of a problem would have been removed or denied, and months later after it hits public media they would have admitted there might have been a problem, and here’s some free identity theft protection if you feel like you were affected.
I was just thinking how the developer of kbin made a post regarding a similar bug in kbin and some people made fun of him for missing something so obvious, and here we are 🤨
There’s only two kinds of people:
I think everyone is on a journey from 2 -> 1, some just get there sooner than others :)
I’d call the second group fools because those are generally the ones that the system is trying to be safe against.
If you are creating some software in 2023, it should not be vulnerable to SQL injection.
There’s no “but” or “unless”.
I really wished the presentation layer and session management had that kind of clear interfaces, instead we are stuck into only solving some 99.9% of CSS and 90% of CSRF. But SQL injection is 100% complete solved for good.
Foolproofness is an asymptote. It’s not achievable but we can always get closer.
The best developers can admit they missed something, fix it, and move on to the next thing.
The difference is that here lots of people posted about it and action was taken. If this was corporate owned, any suggestions of a problem would have been removed or denied, and months later after it hits public media they would have admitted there might have been a problem, and here’s some free identity theft protection if you feel like you were affected.
True. Looking at lemmy GitHub, it looks like everyone is swamped.