If spammers can abuse something, they gonna abuse it

  • mint_tamas@lemmy.world
    link
    fedilink
    arrow-up
    7
    ·
    11 months ago

    These days you have to actively work against whatever framework you are using to get SQL injection to work.

    • TigrisMorte@kbin.social
      link
      fedilink
      arrow-up
      1
      arrow-down
      10
      ·
      11 months ago

      “framework”, found your problem. Frameworks save time by ignoring how code works. Folks taught upon a Framework have no real idea what its produced code does.

      • ComradeKhoumrag@infosec.pub
        link
        fedilink
        arrow-up
        7
        arrow-down
        1
        ·
        11 months ago

        Typically the security conscious webdev still needs to define an API to their database. It’s bad practice to let users hit the DB directly.

        Now, if you hack the API then sure you can start hacking the database, but first you have to hack the API to the database which raises the costs of cyberwar