youTellMe@lemmy.world to Programmer Humor@lemmy.worldEnglish · 2 months agoEveryday we stray further from industry standardslemmy.worldexternal-linkmessage-square24fedilinkarrow-up1191
arrow-up1191external-linkEveryday we stray further from industry standardslemmy.worldyouTellMe@lemmy.world to Programmer Humor@lemmy.worldEnglish · 2 months agomessage-square24fedilink
minus-squaresurewhynotlem@lemmy.worldlinkfedilinkEnglisharrow-up1·2 months agoIf that’s a pass through, that’s bad. If that’s used for authentication, authorization, credential limiting, or rate limiting, then sure.
minus-squaresebsch@discuss.tchncs.delinkfedilinkEnglisharrow-up3·2 months agoThere is no context in this world validating this level of unsanitized SQL. Even for internal use this is bad, since it bypasses the auth of server and dbms.
minus-squaresurewhynotlem@lemmy.worldlinkfedilinkEnglisharrow-up1·2 months agoThat is a very good point.
If that’s a pass through, that’s bad.
If that’s used for authentication, authorization, credential limiting, or rate limiting, then sure.
There is no context in this world validating this level of unsanitized SQL. Even for internal use this is bad, since it bypasses the auth of server and dbms.
That is a very good point.