CW: The SQL injection vulnerability isn't important because our code is proprietary so hackers won't find it.

Me: <censored>

Security by obscurity makes experts grimace with enmity

If that where the case windows would never have had any security patches.

I mean, I know for a fact that it nobody can SQL inject it my machine... So... It works on my machine, lol 😂 jk

@djlazz3 i still remember the day I learned what sql injection was an realized that our site was wide open.

One very intense and stressful hour later it was secured.

Reminds me of what the former Minister of Justice of Spain, Rafael Catalá, said last year when it was (easily) found out that the groupware system they created basically for managing cases between lawyers and judges didn't check for unauthorized access when you incremented or decremented the case id in the URL, so lawyers could access data for any case they wanted.

When confronted with it, he said that “accessing unauthorized data is illegal anyway, so the system is perfectly secure.”

He actually and unironically used the words “perfectly secure” to describe it.

@Voxera that sounds like fun 😂

@djlazz3 not at the moment but now some 15 years later its easier to laugh about it ;)