[ale] Be careful where you learn to code

Alex Carver agcarver+ale at acarver.net
Fri Apr 21 10:40:32 EDT 2017


On 2017-04-21 07:19, DJ-Pfulio wrote:
> Be careful where you learn to code. Not all tutorials are equal,
> especially for web-app scripted languages.
> 
> https://www.helpnetsecurity.com/2017/04/21/programming-tutorials-vulnerabilities/

That MySQL example on the page is just awful.  I've seen some written
this way but with large warning boxes below the example that explicitly
say this method is insecure and only intended to show a process flow
(checking against a count of users).

Doesn't matter the language, the basic concept of sanitizing user input
should be universal whether by using sanitizing functions, stored
procedures for DBs, casting or anything else.
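
The count-of-users login flow mentioned above, as an added example that is not part of the original post or the linked article: the concatenated query beside the same check using bound parameters (one of the "anything else" options) and casting. Python's sqlite3 stands in for MySQL, and the table, column and function names and the sample row are assumptions constructed for illustration.

```python
import hashlib
import sqlite3

SALT = b"constructed-demo-salt"  # fixed salt only to keep the example short


def pw_hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 1000).hex()


def make_db():
    # In-memory SQLite stands in for MySQL (assumption); the row is constructed.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, pw TEXT)")
    conn.execute("INSERT INTO users (name, pw) VALUES (?, ?)",
                 ("alice", pw_hash("correct horse")))
    return conn


def login_concat(conn, name, password):
    # Insecure pattern: user input is pasted into the SQL text, so a quote
    # in `name` changes the structure of the query itself.
    sql = ("SELECT COUNT(*) FROM users WHERE name = '%s' AND pw = '%s'"
           % (name, pw_hash(password)))
    return conn.execute(sql).fetchone()[0] > 0


def login_bound(conn, name, password):
    # Same count-of-users flow, but the values travel separately from the
    # SQL text, so they can only ever be compared as data.
    sql = "SELECT COUNT(*) FROM users WHERE name = ? AND pw = ?"
    return conn.execute(sql, (name, pw_hash(password))).fetchone()[0] > 0


def user_name_by_id(conn, raw_id):
    # Casting: int() raises ValueError for anything that does not parse as
    # an integer, so malformed input is rejected before it reaches the DB.
    row = conn.execute("SELECT name FROM users WHERE id = ?",
                       (int(raw_id),)).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    crafted = "alice' --"  # constructed test input containing a quote
    print("concat:", login_concat(db, crafted, "wrong"))
    print("bound: ", login_bound(db, crafted, "wrong"))
```

The same constructed input works as a regression test: the bound version must reject it while still accepting the real credentials.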


