Life isn't easy if your last name is 'Null' as it still breaks database entries the world over
-
Yup, then it becomes a front-end problem to deal with wonky input. As a backend dev, this is ideal, just give me data and I'll store it for ya.
-
Only noobs get hit by this (called SQL injection). That's why we have leads review code...
-
Two likely reasons:
- CSV got involved somewhere
- JavaScript
-
Lately I’ve been dealing with tons of invalid byte sequences in MySQL dumps and it makes me question what the hell they’re allowing in there.
-
Is it though? I haven’t used a framework since probably 2007 that doesn’t do this. There are the smaller, more DIY frameworks out there but I’ve never used them professionally.
-
Yeah that’s a whole other can of worms. I see this a lot at work where people are asking for direct database credentials and cringe every time.
-
I'm a year old undefined and I find it [redacted]
-
Like you said, GIGO, but I can't say I'm familiar with any csv looking like that. Maybe I'm living a lucky life, but true null would generally be an empty string, which of course would still be less than ideal. From a general csv perspective, NULL without quotes is still a string.
If "NULL" string, then lord help us, but I would be inclined to handle it as defined unless instructed otherwise. I guess it's up to the dev to point it out and not everyone cares enough to do so. My point is these things should be caught early.
I'll admit I'm much more versed in mysql than postgres.
-
That boy ain't right
-
Mandatory xkcd:
-
Code is easy in a vacuum. 50 moving parts all with their own quirks and insufficient testing is how you get stuff like this to happen.
-
(to make the joke more obvious)
The two most common sources of security vulnerabilities are buffer overflows, use-after-free, and off-by-one errors.
-
Ah yes, little Nell=%00\u0000'\0'""'0'0x000x30'';
Nellie Null we call her.
She and her cousin Bobby Tables love to scamper around, but they are good kids. They would never break anything intentionally
-
Friend of little Bobby I presume
-
I can't even think of a language that does that. I don't think even JS does it, and if anything was going to it's fucking that.
-
really it's a cautionary tale about the intersections of different technologies. for example, csv going into a sql database and then querying that database from another language (whether it's JS or C# or whatever)
when i was 16 and in driver's ed, I remember the day where the instructor told us that we were going to go drive on the highway. I told him I was worried because the highway sounds scary- everybody is going so fast. he told me something that for some weird reason stuck with me: the highway is one of the safest places to be because everybody is going straight in the same direction.
the most dangerous places to be, and the data backs this up, are actually intersections. the points where different roads converge. why? well, it's pretty intuitive. it's where you have a lot of cars in close proximity. the more cars in a specific square footage the higher probability of a car hitting another car.
that logic follows with software too. in a lot of ways devs are traffic engineers controlling the flow of data. that's why, like you said, it's up to the devs to catch these things early. intersections are the points where different technologies meet and all data flows through these technologies. it's important to be extra careful at these points. like in the example i gave above..
the difference between
WITH (FORMAT csv, HEADER true);and
WITH (FORMAT csv, HEADER true, NULL '');could be the difference between one guy living a normal life and another guy receiving thousands of speeding tickets https://www.wired.com/story/null-license-plate-landed-one-hacker-ticket-hell/
-
There is an infosec guy in California who had NULL as his car license plate. If a license-plate reader detects a ticketable event but the license plate is unreadable, guess how the system handles those events?
Infosec guy was not a happy bunny.
