Nicholas Weaver (npub1n62…wfv8)
2023-06-06 16:21:50


We harsh on buffer overflows as "fish in a barrel", but SQL injection is actually worse: there is NO excuse for not refactoring SQL-accessing code into prepared statements; the amount of code to touch is small and the security win is huge.

That, and invocations of system() rather than execve(), are things on my list of instructions for students to look for when onboarding to a project; they are gaping vulnerabilities, yet easy to find and fix.
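The two refactorings the post calls for, shown side by side in Python as an added example (not code from the post or its author): a string-built query next to its prepared-statement form, and a shell-free process invocation as the `subprocess` analogue of preferring execve() over system(). The table contents and the input strings are constructed for the demonstration.

```python
import sqlite3
import subprocess
import sys


def make_db():
    # Constructed in-memory table with two sample rows.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn


def lookup_unsafe(conn, name):
    # The "before": the caller's string is spliced into the SQL text,
    # so any quote in it changes the statement the database parses.
    sql = f"SELECT name, role FROM users WHERE name = '{name}'"
    return sorted(conn.execute(sql).fetchall())


def lookup_prepared(conn, name):
    # The "after": the statement is fixed, the value is bound as data.
    # A quote in `name` is just a character to compare against.
    rows = conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()
    return sorted(rows)


def run_without_shell(user_arg):
    # execve()-style invocation: the argument vector goes straight to the
    # child process, so shell metacharacters are never interpreted.
    # (The child is the current interpreter echoing argv[1], to stay portable.)
    result = subprocess.run(
        [sys.executable, "-c", "import sys; print(sys.argv[1])", user_arg],
        capture_output=True, text=True, check=True,
    )
    return result.stdout


if __name__ == "__main__":
    db = make_db()
    probe = "x' OR '1'='1"          # constructed input containing a quote
    print("unsafe:  ", lookup_unsafe(db, probe))     # every row comes back
    print("prepared:", lookup_prepared(db, probe))   # no user is named that
    print("argv:    ", run_without_shell("a;b|c"))   # passed through literally
```

The unsafe lookup returns both rows for an input that names no user, while the prepared statement returns none; the shell-free call hands `a;b|c` to the child unchanged.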
Author Public Key
npub1n62494gdcyd999nhqecggzhpf0dxm9y725ucww2njhwejfkpmqjsj2wfv8