182

Everyday we stray further from industry standards (lemmy.world)

submitted 1 week ago by youTellMe@lemmy.world to c/programmerhumor@lemmy.world

24 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[-] sebsch@discuss.tchncs.de 15 points 1 week ago* (last edited 1 week ago)

GET /api/database?query=SELECT+++name+++FROM+++users+++WHERE+++id=42

I've seen that exact type of endpoint, hitting databases in production. 🔥

[-] ChillPenguin@lemmy.world 5 points 1 week ago

[-] surewhynotlem@lemmy.world 1 points 1 week ago

If that's a pass through, that's bad.

If that's used for authentication, authorization, credential limiting, or rate limiting, then sure.

[-] sebsch@discuss.tchncs.de 3 points 1 week ago

There is no context in this world validating this level of unsanitized SQL. Even for internal use this is bad, since it bypasses the auth of server and dbms.

[-] surewhynotlem@lemmy.world 1 points 1 week ago

That is a very good point.

this post was submitted on 07 Oct 2024

182 points (99.5% liked)

Programmer Humor

1340 readers

2 users here now

founded 1 year ago

MODERATORS

usr_bin_env@lemmy.world