How do you protect your server from SQL injection?

How do you protect your server from SQL injection?
Do we even need to worry about it when almost all major languages provide some form of parameter binding?



are those the Arch panties?

sauce and I'll answer your question

they're rice bowl panties

You use popular ORMs. You aren't better at preventing injection attacks than these libraries so don't even waste your time trying

What a stupid fucking question. Sanitize inputs or use an ORM that sanitizes for you (most of them do). Would've taken 5 seconds to find that on Jewgle

>SQL injection
Is it 2007 again?

You don't need a fucking ORM to sanitize your inputs. Just use prepared statements like a sane person if you have no need for an ORM.
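The difference between string-building a query and using a prepared statement, as an added example (not code from anyone in the thread). It uses Python's standard-library sqlite3 with a constructed in-memory users table; the crafted input, the table name and the `find_user_*` / `order_users` helpers are all assumptions for illustration. It also covers the ORM-vs-prepared-statements point raised later in the thread: parameter binding protects values, but identifiers such as an ORDER BY column cannot be bound and need an allow-list instead.

```python
import sqlite3

# Constructed sample rows; not real data.
USERS = [("alice", "alice@example.invalid"), ("bob", "bob@example.invalid")]

# Columns a caller may sort by. Identifiers cannot be bound as parameters,
# so they are checked against this allow-list instead.
ALLOWED_SORT_COLUMNS = {"name", "email"}


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def find_user_unsafe(conn, name):
    # Vulnerable: the caller's text is spliced into the SQL grammar,
    # so quote characters in it change the meaning of the statement.
    sql = f"SELECT name, email FROM users WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn, name):
    # Prepared statement: the statement is parsed first and the value is bound
    # afterwards, so the input can only ever be compared as data.
    sql = "SELECT name, email FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def order_users(conn, column):
    # Binding does not work for identifiers ("ORDER BY ?" binds a constant),
    # so the column name is validated against a fixed set before use.
    if column not in ALLOWED_SORT_COLUMNS:
        raise ValueError(f"unsupported sort column: {column!r}")
    sql = f"SELECT name, email FROM users ORDER BY {column}"
    return conn.execute(sql).fetchall()


def demo():
    """Run both lookups with a benign name and a constructed quote-bearing one."""
    conn = make_db()
    benign = "alice"
    crafted = "x' OR '1'='1"  # constructed input containing a quote
    return {
        "unsafe_benign": find_user_unsafe(conn, benign),
        "unsafe_crafted": find_user_unsafe(conn, crafted),
        "safe_benign": find_user_safe(conn, benign),
        "safe_crafted": find_user_safe(conn, crafted),
        "sorted_by_email": order_users(conn, "email"),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {rows}")
```

The unsafe lookup returns every row for the crafted input because the quote terminates the literal; the prepared statement returns nothing, since no user is literally named `x' OR '1'='1`. Any lookup in the unsafe form is only as safe as its quoting, which is why the thread's advice to default to prepared statements holds even for fields that are "probably not injectable".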

I've gotten into arguments at work with devs who are too lazy to use prepared statements because something is "probably not injectable by a user". It still happens when you have devs more interested in closing a ticket so they don't get fired vs actually implementing shit right the first time.

That's exactly the kind of mentality which results in data breaches, losing money and getting fired.
You should find a way to teach those retards that one should never trust a user input string unless it is sanitized.

by not using shitty langs

Either use a rock solid ORM (RoR's Active Record for example isn't good at preventing SQL injections), or write your own prepared statements.

>You don't need a fucking ORM to sanitize your inputs
What else do you use retard?
>inb4 prepared statements
not as secure

>How do you protect your server from SQL injection?
You simply need to educate your SQL developers about it.
Considering the topic of SQL injection could be explained in five minutes, it shouldn't be too difficult.

works as designed. systems are not designed for security but for deniability. even if you could do things right the first time, policy will be crafted with expectations that make it impossible in order to keep employees on a treadmill of barely meeting some arbitrary quota. when someone gets fired this way it's not even their fault even if they were incompetent, the game was rigged from the start.


sauce?

>not as secure
Elaborate.

Can someone genuinely answer why the fuck, in the year of our lord 2022, SQL is still used in industry when it has SO many security and design flaws?

Unsanitized input is not a problem unique to SQL.

Where else is it this big of a problem?

XSS, the entire log4j rce, just google unsanitized input exploit

Fucking coomers
e-hentai.org/g/2266816/a616acd965/