I will always upvote Little Bobby Tables.
Suddenly, very relatable today…
I was just thinking how the developer of kbin made a post regarding a similar bug in kbin and some people made fun of him for missing something so obvious, and here we are 🤨
There’s only two kinds of people:
- Those who know no system is foolproof.
- Dumbasses.
If you are creating some software in 2023, it should not be vulnerable to SQL injection.
There’s no “but” or “unless”.
I really wished the presentation layer and session management had those kinds of clear interfaces; instead we are stuck with only solving some 99.9% of CSS and 90% of CSRF. But SQL injection is 100% completely solved for good.
The best developers can admit they missed something, fix it, and move on to the next thing.
The difference is that here lots of people posted about it and action was taken. If this was corporate owned, any suggestions of a problem would have been removed or denied, and months later after it hits public media they would have admitted there might have been a problem, and here’s some free identity theft protection if you feel like you were affected.
Because he doesn’t know the difference between an SQL injection and a cross-site scripting attack.
Bobby Tables is probably old enough for his own kid, Cross Site Samantha. I bet she created a Lemmy account recently.
I have a cousin whose driver’s license name is “FNU” which stands for first name unknown. This was due to some quirk in his immigration documents. I cannot imagine how much havoc this must cause.
Oh man, there’s this really good Radiolab episode (Null) about weird name stuff in databases. One story they got is from a guy who made his license plate NULL thinking it would be able to avoid tickets, but it ended up being the other way around.
As a data engineer for the past decade, Bobby Tables has been this shared cultural reference in my industry for years. I will always upvote Bobby Tables.