Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
Well I'm totally not into database knowledge, but my try would have been "by never trusting any external input, always sanitising/escaping it server-side (no matter whether it had been validated client-side)"?
-
smirving915y@Fast-Nop Data that writes to the database should ALWAYS be sanitized client side and server side. I think were in agreement but just wanted to stress that it should never be just one even if it's getting done server side.
-
@smirving For the injection issue specifically, I think client-side sanitation can never be trusted because attackers can modify any client-side code anyway and use their modified forms etc for submitting.
For catching user errors without needing several roundtrips in GUI delay, client-side validation is still helpful. -
I know it! You need to base64 every user input. That way it'll never be meaningful SQL.
Interviewer: Do you know about SQL injection?
Student: Yessss
Interviewer: Okay, how we can prevent it?
Student: Yes, we should prevent it as prevention is always better than cure. It can lead to data loss and other problems so it can be difficult to fix it if it happens. The best case is that nothing like that takes place. [...]
Interviewer: I get it but how?
Student: By not building any web applications.
[Silence]
Interviewer: Nice, you may go. Do not call us. We will call you.
rant