Comments
-
epse: If you're in an "I don't want to deal with this rn" mood, most frameworks have really good input cleanup features behind the scenes.
-
@epse Yup, I know, but most frameworks are way too much for what I need, so I wrote my own.
Also, I want to know a framework inside out in case I need that, and with big ones like Laravel that's not going to happen with the amount of time I have :/
-
Fair point. In my ecosystem, the issue is really clients. They will not pay extra for the time needed to build in application security, evaluation phases, security checkpoints in the development lifecycle, etc.
Tbh, if more people said "hey, you know what, you're right, we should be allowing extra time for a secure application that can be extended to be more secure in the future... here's a couple extra thousand dollars of funding plus an extended time period with a grace period", then we'd have a lot fewer Cambridge Analyticas and Experians.
-
@epse I could have a look, but I already do validation automatically in my framework; sometimes a case just arises where I have to do more checking, and that annoys me at times :)
My own framework, although I'm definitely not claiming it's better than others, works exactly the way I need it to, and is very tiny as well.
Not saying I'll never switch to something else, but for now this fucker is very tiny and does exactly what I need!
-
Then next, implement some crypto (-;
There it gets real crazy. This guy did. Nice read, I think: http://loup-vaillant.fr/articles/...
I really have this fucking love/hate relationship with application security.
For a lot of the stuff I write, user input has to be validated, authentication is required, and so on, and I do love looking into that: pentesting my own applications to death and thinking about the security architecture of the application itself.
But sometimes I just want to focus on the fucking features, and then it annoys the living hell out of me that securing an application can take so much time and brainpower.
Yay and grrrr, I guess.
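As an added example of the kind of automatic validation layer the rant and the comments talk about (this is not code from the rant author's framework or from anyone in the thread), here is a small allowlist validator in Python. The schema, field names and sample requests are constructed for illustration. Two points it is meant to show: unexpected fields and out-of-range values are rejected with a reason rather than "cleaned up", and HTML escaping is a separate step done at output time for the context the value is rendered into.

```python
"""Allowlist validation layer for request input (added example, not the
rant author's framework). Schema, field names and sample data are invented."""
import html
import re
from dataclasses import dataclass
from typing import Any, Dict, Optional


class ValidationError(ValueError):
    """Raised with a {field: reason} map; the caller returns 400, not a 'cleaned' value."""

    def __init__(self, errors: Dict[str, str]) -> None:
        super().__init__(str(errors))
        self.errors = errors


@dataclass(frozen=True)
class Rule:
    kind: str                       # "str" or "int"
    required: bool = True
    min_len: int = 1
    max_len: int = 256
    pattern: Optional[str] = None   # checked with fullmatch: the whole value must match
    min_val: Optional[int] = None
    max_val: Optional[int] = None


# Hypothetical sign-up endpoint. Anything not listed here is rejected.
SIGNUP_SCHEMA: Dict[str, Rule] = {
    "username": Rule("str", min_len=3, max_len=32, pattern=r"[A-Za-z0-9_]+"),
    "email":    Rule("str", max_len=254, pattern=r"[^@\s]+@[^@\s]+\.[^@\s]+"),
    "age":      Rule("int", required=False, min_val=13, max_val=120),
    "bio":      Rule("str", required=False, max_len=500),
}


def _check(rule: Rule, raw: Any) -> Any:
    """Validate one value; return the typed value or raise ValueError with a reason."""
    if not isinstance(raw, str):
        raise ValueError("must be a string")
    value = raw.strip()
    if "\x00" in value:
        raise ValueError("contains a NUL byte")
    if rule.kind == "int":
        # [0-9] rather than \d: \d also matches non-ASCII digits, which int() accepts.
        if not re.fullmatch(r"-?[0-9]+", value):
            raise ValueError("must be an integer")
        number = int(value)
        if rule.min_val is not None and number < rule.min_val:
            raise ValueError(f"must be at least {rule.min_val}")
        if rule.max_val is not None and number > rule.max_val:
            raise ValueError(f"must be at most {rule.max_val}")
        return number
    if not rule.min_len <= len(value) <= rule.max_len:
        raise ValueError(f"must be {rule.min_len}-{rule.max_len} characters")
    if rule.pattern is not None and not re.fullmatch(rule.pattern, value):
        raise ValueError("has an invalid format")
    return value


def validate(schema: Dict[str, Rule], data: Dict[str, Any]) -> Dict[str, Any]:
    """Return a dict of validated, typed values or raise ValidationError listing every problem."""
    errors: Dict[str, str] = {}
    clean: Dict[str, Any] = {}
    for key in data:
        if key not in schema:
            errors[key] = "unexpected field"   # e.g. a smuggled is_admin=1
    for name, rule in schema.items():
        raw = data.get(name)
        if raw is None or (isinstance(raw, str) and raw.strip() == ""):
            if rule.required:
                errors[name] = "is required"
            continue
        try:
            clean[name] = _check(rule, raw)
        except ValueError as exc:
            errors[name] = str(exc)
    if errors:
        raise ValidationError(errors)
    return clean


def render_profile(clean: Dict[str, Any]) -> str:
    """Output encoding is a separate step: a bio is free text, so it is escaped
    for the HTML context here rather than 'cleaned' during validation."""
    return f"<p>{html.escape(clean['username'])}: {html.escape(clean.get('bio', ''))}</p>"


if __name__ == "__main__":
    # Constructed requests: one valid, one with several problems at once.
    good = {"username": "alice_1", "email": "alice@example.com", "age": "30", "bio": "<b>hi</b>"}
    print(validate(SIGNUP_SCHEMA, good))
    print(render_profile(validate(SIGNUP_SCHEMA, good)))
    try:
        validate(SIGNUP_SCHEMA, {"username": "al", "email": "nope", "age": "abc", "is_admin": "1"})
    except ValidationError as err:
        print(err.errors)
```

Collecting every failure into one error map (instead of stopping at the first) is what lets the same layer serve both an API that returns a 400 with field-level reasons and a form that re-renders with messages, so the "extra checking" stays in the schema rather than in each handler.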
Tags: rant, security