
hjertnes.blog

SQL Injections

08.08.2018 10:00

This used to be the big security thing everyone safeguarded against back when I was learning how to write code.

There is even an XKCD strip about it.

The basic idea is that input from a user is used directly to construct an SQL query, and that input can therefore be used to, for example, drop tables in your database.

I personally think this is a non-issue today. Well, I think the issue still exists, but I do not think it is anything that anyone should be the victim of, because all programming languages have (or should have) libraries for most SQL databases that take care of this problem.

The way they take care of it is by changing how you create the query. You write the query with placeholders where you want to put dynamic data, and then you pass in the variables separately. By doing this you make sure that the contents of a variable are always treated as data and never as part of the query.

In other words: this should not be a problem as long as you use a good library and use it in the recommended way, and don’t build the queries in a dumb way (something like `"select * from table where value=" + variable_from_url`).
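As an added example (not code from the post), here are the two ways of building the query described above side by side, using Python’s standard-library sqlite3 module against a small in-memory table of constructed sample rows. The table, the rows and the function names are assumptions made for the demonstration.

```python
import sqlite3

# Constructed sample rows for the demonstration (not real data).
USERS = [("alice", "alice@example.com"), ("bob", "bob@example.com")]


def make_db() -> sqlite3.Connection:
    """Create an in-memory database with a small users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def lookup_unsafe(conn: sqlite3.Connection, name: str) -> list:
    """The dumb way: the user-supplied value is pasted into the SQL text,
    so a quote inside the value changes the structure of the statement."""
    query = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()


def lookup_safe(conn: sqlite3.Connection, name: str) -> list:
    """The recommended way: a placeholder in the query and the value passed
    separately, so the driver always treats the value as data."""
    query = "SELECT name, email FROM users WHERE name = ?"
    return conn.execute(query, (name,)).fetchall()


def compare(name: str):
    """Run the same input through both lookups and return (unsafe, safe).

    The unsafe lookup may raise on inputs containing a quote; that error is
    returned as a string so both outcomes can be compared side by side.
    """
    conn = make_db()
    try:
        unsafe = lookup_unsafe(conn, name)
    except sqlite3.Error as exc:
        unsafe = f"error: {exc}"
    safe = lookup_safe(conn, name)
    conn.close()
    return unsafe, safe


if __name__ == "__main__":
    # A normal value, a value with a legitimate apostrophe, and a value that
    # contains SQL syntax. Only the parameterised lookup behaves the same
    # way for all three: the value is matched as a literal name or not at all.
    for value in ["alice", "O'Brien", "x' OR 'a'='a"]:
        unsafe, safe = compare(value)
        print(f"{value!r:18} unsafe={unsafe}  safe={safe}")
```

The second input shows that string concatenation breaks even without anyone attacking you: a perfectly ordinary name with an apostrophe turns into a syntax error. The third shows why it matters: the concatenated version returns every row, while the parameterised version returns nothing because no user is literally named `x' OR 'a'='a`.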


08.08.2018 09:14

Liked: hugoduncan/clj-ssh: SSH commands via jsch

I’ve used this for automating a few internal server maintenance tasks.


08.08.2018 09:14

Liked: TLDR pages


08.08.2018 09:07

Liked: A simple introduction to Python’s asyncio – Hacker Noon

This is a no-buzzword first principles introduction to the asyncio library in Python.


07.08.2018 20:08

What a nightmare: G Suite and G Suite Happy Ending.

This feature seems like a bad idea to me, and I think Google have a job to do to make sure that people actually understand what they are doing.


07.08.2018 20:08

Instapaper — The next ten years of Instapaper

We are very sorry for the extended downtime and, as a token of our apology, we are giving six months of Instapaper Premium to all EU users affected by the outage.


07.08.2018 20:08

Liked: Rollup v. Webpack v. Parcel


07.08.2018 20:08

Liked: MacDrifter: OmniFocus 3


07.08.2018 11:21

Liked: A little Clojure-like LISP in JavaScript.

Ignore what they say, watch what they do.

07.08.2018 10:00

If you really want to get an idea of how people act, you need to stop listening to what they tell you and watch how they act. Especially when things don’t go the way they would like them to.

For example when you quit or something like that.

It is very easy to say that you do the right thing, and it is easier to do it when things go the way you want them to. But how you act when things go bad is when you get the real picture.

People might say things like “this company is like family”. But my experience is that that is only true when it is an advantage for management or the company.