Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
Root79775295dEntirely depends what it is.
An article? Absolutely.
A password? Retroactively fuck your mother with a rusty hanger. -
tosensei8453294dthis is your not-so-friendly reminder to just use parameterised queries and stop giving a fuck _what_ the user enters.
-
LLAMS3663294d@Demolishun It is absolutely a veiled “didn’t sanitize inputs” problem.
They are not passwords or articles or any kind of freeform content, they are IDs which will later be queried against. -
Lensflare17495294d@LLAMS how do those ids end up having trailing or leading whitespace? Does someone enter them manually? If so, why?
-
LLAMS3663294d@Root Joke’s on you it’s a DynamoDB table. Checkmate hackers. Oh wait, now you know…
This is your friendly reminder to trim whitespace from strings before saving them to a DB
rant