59
Root
5y

I'm seeing people defending clearly-injectable code and I'm just stunned.

And this person in particular is supposed to be responsible (at least partially) for finding security flaws.

I don't know what to say.

Comments
  • 26
    "I am pretty sure we do this all over the place"

    That isn't helping my sanity, Mike!
  • 5
    For fun, make a script that goes through PayloadsAllTheThings, and if it hits anything, emails the CTO with a big red X in the subject line.
  • 0
    You should inject it as a "toldja so"?
  • 1
    he's defending his job security

    oh wait...
  • 4
    Nah, it's not about security. It's just supporting dependency injection by design! :]
  • 1
    @Lensflare I know you're joking, but you can dependency inject without punching holes in your security.
  • 0
    I would just write tests that prove it's exploitable from outside and let them deal with the fallout.
  • 3
    @vorticalbox I made fun of them on slack in front of the dev and security teams. It got fixed. 😊
  • 0
    @Root works too lol