Programmer Humor

1366 readers

1 users here now

founded 1 year ago

MODERATORS

[email protected]

187

Everyday we stray further from industry standards (lemmy.world)

submitted 1 month ago by [email protected] to c/[email protected]

24 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 15 points 1 month ago* (last edited 1 month ago) (2 children)

GET /api/database?query=SELECT+++name+++FROM+++users+++WHERE+++id=42

I've seen that exact type of endpoint, hitting databases in production. 🔥

[–] [email protected] 5 points 1 month ago

[–] [email protected] 1 points 1 month ago (1 children)

If that's a pass through, that's bad.

If that's used for authentication, authorization, credential limiting, or rate limiting, then sure.

[–] [email protected] 3 points 1 month ago (1 children)

There is no context in this world validating this level of unsanitized SQL. Even for internal use this is bad, since it bypasses the auth of server and dbms.

[–] [email protected] 1 points 1 month ago

That is a very good point.