this post was submitted on 10 Jul 2023
740 points (95.8% liked)
General Discussion
12131 readers
20 users here now
Welcome to Lemmy.World General!
This is a community for general discussion where you can get your bearings in the fediverse. Discuss topics & ask questions that don't seem to fit in any other community, or don't have an active community yet.
πͺ About Lemmy World
π§ Finding Communities
Feel free to ask here or over in: [email protected]!
Also keep an eye on:
For more involved tools to find communities to join: check out Lemmyverse!
π¬ Additional Discussion Focused Communities:
- [email protected] - Note this is for more serious discussions.
- [email protected] - The opposite of the above, for more laidback chat!
- [email protected] - Into video games? Here's a place to discuss them!
- [email protected] - Watched a movie and wanna talk to others about it? Here's a place to do so!
- [email protected] - Want to talk politics apart from political news? Here's a community for that!
Rules
Remember, Lemmy World rules also apply here.
0. See: Rules for Users.
- No bigotry: including racism, sexism, homophobia, transphobia, or xenophobia.
- Be respectful. Everyone should feel welcome here.
- Be thoughtful and helpful: even with βsillyβ questions. The world wonβt be made better by dismissive comments to others on Lemmy.
- Link posts should include some context/opinion in the body text when the title is unaltered, or be titled to encourage discussion.
- Posts concerning other instances' activity/decisions are better suited to [email protected] or [email protected] communities.
- No Ads/Spamming.
- No NSFW content.
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Suddenly, very relatable today...
I was just thinking how the developer of kbin made a post regarding a similar bug in kbin and some people made fun of him for missing something so obvious, and here we are π€¨
There's only two kinds of people:
I think everyone is on a journey from 2 -> 1, some just get there sooner than others :)
I'd call the second group fools because those are generally the ones that the system is trying to be safe against.
Foolproofness is an asymptote. It's not achievable but we can always get closer.
If you are creating some software in 2023, it should not be vulnerable to SQL injection.
There's no "but" or "unless".
I really wished the presentation layer and session management had that kind of clear interfaces, instead we are stuck into only solving some 99.9% of CSS and 90% of CSRF. But SQL injection is 100% complete solved for good.
The best developers can admit they missed something, fix it, and move on to the next thing.
The difference is that here lots of people posted about it and action was taken. If this was corporate owned, any suggestions of a problem would have been removed or denied, and months later after it hits public media they would have admitted there might have been a problem, and here's some free identity theft protection if you feel like you were affected.
True. Looking at lemmy GitHub, it looks like everyone is swamped.
How come?
Because there was a xss bug in Lemmy cause by not escaping some inputs
Because he doesn't know the difference between an SQL injection and a Cross site scripting attack.
Link for those who would like to learn more.
Or because both relate to not sanitizing your input
Yeah lol. What is up with the condescension?
Reddit migration side-effects.