Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
wannabe5325yFor fun, make a script that goes through payload all the things, and if it hits anything, emails the CTO with a big red X in the subject line.
-
Nah, it's not about security. It's just supporting dependency injection by design! :]
-
@Lensflare I know you're joking but you can dependancy inject without punching holes in your security.
-
I would just write tests that prove its exploitable from outside and let them deal with the fallout.
-
Root825575y@vorticalbox I made fun of them on slack in front of the dev and security teams. It got fixed. 😊
Related Rants
I'm seeing people defending clearly-injectable code and I'm just stunned.
And this person in particular is supposed to be responsible (at least partially) for finding security flaws.
I don't know what to say.
rant
but they still managed
like wtf
rails makes sqli difficult
fail
sqli
security