Comments
-
The amount of people that write their own shitty login code instead of just using a simple library -_-
-
Jifuna: @LucaScorpion What if I tell you that it's more fun to make it yourself instead of including a library? If you do good research, you can make it secure.
-
@Jifuna Oh yeah absolutely, but the problem is that a lot of people don't do that research.
-
@Jifuna It is important to know how the wheel is made indeed. To then improve it, not reinvent it.
-
@Jifuna One will never keep in mind all those security flaws a big bunch of very smart people have invested years of man-hours in. Don't run your own security. You will not be on par with them even remotely, and it most likely won't be maintained that long. I remember going through a library's password comparison algorithm and was confused as to why they were comparing letter by letter even if they didn't match. Then it hit me: otherwise you could do a timing attack, as a faulty password would get rejected faster than those that matched more letters. They wanted to ensure that timing was always the same for a string of a given length. I never would have thought of that vector of attack. Build your own security library for the lulz and learning. Yet please don't deploy it anywhere.
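The comparison described in the comment above, as an added example that is not part of the original thread and not taken from any library mentioned in it. The function names are hypothetical, the sample strings are constructed, and a step counter stands in for elapsed time so the difference shows up deterministically; `hash_equals()` is PHP's built-in constant-time string comparison.

```php
<?php
declare(strict_types=1);

// Early-exit comparison: returns at the first mismatching byte, so the work
// done depends on how many leading bytes of the guess are correct.
function leakyEquals(string $known, string $given, int &$steps): bool
{
    $steps = 0;
    if (strlen($known) !== strlen($given)) {
        return false;
    }
    for ($i = 0, $n = strlen($known); $i < $n; $i++) {
        $steps++;
        if ($known[$i] !== $given[$i]) {
            return false;
        }
    }
    return true;
}

// Constant-time comparison: every byte is examined and the differences are
// OR-ed into an accumulator, so the work is the same for any guess of a
// given length, whether or not it matches.
function constantTimeEquals(string $known, string $given, int &$steps): bool
{
    $steps = 0;
    if (strlen($known) !== strlen($given)) {
        return false;
    }
    $diff = 0;
    for ($i = 0, $n = strlen($known); $i < $n; $i++) {
        $steps++;
        $diff |= ord($known[$i]) ^ ord($given[$i]);
    }
    return $diff === 0;
}

// Constructed sample values, not real credentials.
$stored = 'a3f9c2d18b7e';
foreach (['zzzzzzzzzzzz', 'a3f9zzzzzzzz', 'a3f9c2d18b7e'] as $guess) {
    leakyEquals($stored, $guess, $leaky);
    constantTimeEquals($stored, $guess, $const);
    printf("%s  early-exit steps=%2d  constant-time steps=%2d  hash_equals=%s\n",
        $guess, $leaky, $const, var_export(hash_equals($stored, $guess), true));
}
```

In deployed code, compare secrets with `hash_equals()` and store and check passwords with `password_hash()` / `password_verify()` instead of a hand-written loop.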
-
Jifuna: @k0pernikus Hmm, good point. I think you're right. Thanks for this insight. There are probably a lot of things not secure when I write the library, things I didn't think of, in contrast to when a whole team writes it. The funny thing is though: at this moment I have an open-source project where I write an account system library in PHP. Just for self-reflection and learning.
-
JavaScript too. It's way too mainstream and easy to get started (but not master), so you can see quite a lot of bad code being produced by newcomers.
Related Rants
PHP 🐘 is so damn easy to learn, runs straightforwardly on all OSs, that anyone can start coding in no time. Therefore, the amount of crap code around, made by unskilled devs, is just *unbelievable*. 💩
undefined
typeless
workarounds
wk30
injectable
php
crap code