Life isn't easy if your last name is 'Null' as it still breaks database entries the world over
-
Word press code, and plugins, do not sanitize out of the box. You have to call an additional function, each time, that is not provided automatically. Many home made plugins miss that; many popular plugins used to be home made ones
Wordpress is a sin against mankind.
-
Wordpress is a sin against mankind.
Yet here we are, it and the plugins handle too much of my daily traffic. It’s easy to dismiss the piss poor coding, but is done at our peril.
Everyone of us has personal data stored in those God awful plugins, in their thousands of basic security holes
-
The article talks about a guy with a “NULL” license plate who gets tons of tickets for things he didn’t do so probably not the best plan
Yep. For the curious, any time a license plate photo couldn’t be fully read by the automated system, it was marked as “NULL” and he was flagged as the driver. So every single red light camera and speeding camera in the area was sending him to court every day.
-
I’ve been doing web development for something like 20 years now and I just can’t imagine how shitty your backend is if this is an issue.
It happened to a friend who wasn't passing in the proper types into their stored procedures, all strings, and "null" (not case sensitive) conflicted with actual null values. Everything in the web interface were strings, and so was null.
For some people it takes this mistake before they learn to always care about the data types you're passing in.
-
I have never seen this happen, and I don't know what tools would confuse the string "null" with NULL. From the comments in this thread, there are evidently more terribly programmed systems than I imagined.
Shit happens, mistakes are sometimes made. Valve once had code that could delete your entire drive.
-
I’ve been doing web development for something like 20 years now and I just can’t imagine how shitty your backend is if this is an issue.
With LLM coding increasing, it might be going up. Idk am no pro, just worried.
Tangential, but I find it hilarious how Gemini's syntax fucks up all the time.
I ask it to change my light called "CX2" to red. It complies, like usual, and it reads Okay, changing "CX2" to red., but what it says out loud is Okay, changing "CX two inches to red.
-
This post did not contain any content.
I was NaN years old when I learned this.
-
A couple years ago I wanted to write a simple website with SQL injection vulnerability, so I could demonstrate sqlmap to someone
It was surprisingly difficult (and every fiber in my body screamed)
Imagine how hard it is to be this bad. Yet still people manage to do it.
-
Legacy systems still handle more traffic than modern ones, I’d wager
any govt system.
-
/me changes name to
'); DROP TABLE STUDENTS; --.Are there character escapes for SQL, to protect against stuff like that?
-
Are there character escapes for SQL, to protect against stuff like that?
Input sanitation typically handles this as a string that only includes characters supported by the data type of the table in question. While in transit, the strings might be escaped at certain stages, such as via URL encoding. Though this is considered poor practice in many applications, it’s not uncommon to see. The point, however, is to prevent the evaluation of inputs as anything other than their intended type, whether or not reserved characters are present.
-
Wordpress is a sin against mankind.
Let's take a blog and slap a whole e-commerce system on it through a plugin and let it auto translate with another one, what could go wrong. wait why is everything so slow, oh i need additional plugins for caching and one more for functionality XYZ why is everything broken now?!?
-
Wordpress is a sin against mankind.
Let's take a blog and slap a whole e-commerce system on it through a plugin and let it auto translate with another one, what could go wrong. wait why is everything so slow, oh i need additional plugins for caching and one more for functionality XYZ why is everything broken now?!?
-
Wordpress is a sin against mankind.
Let's take a blog and slap a whole e-commerce system on it through a plugin and let it auto translate with another one, what could go wrong. wait why is everything so slow, oh i need additional plugins for caching and one more for functionality XYZ why is everything broken now?!?
-
Wordpress is a sin against mankind.
Let's take a blog and slap a whole e-commerce system on it through a plugin and let it auto translate with another one, what could go wrong. wait why is everything so slow, oh i need additional plugins for caching and one more for functionality XYZ why is everything broken now?!?
-
Wordpress is a sin against mankind.
Let's take a blog and slap a whole e-commerce system on it through a plugin and let it auto translate with another one, what could go wrong. wait why is everything so slow, oh i need additional plugins for caching and one more for functionality XYZ why is everything broken now?!?
-
Wordpress is a sin against mankind.
Let's take a blog and slap a whole e-commerce system on it through a plugin and let it auto translate with another one, what could go wrong. wait why is everything so slow, oh i need additional plugins for caching and one more for functionality XYZ why is everything broken now?!?
-
Are there character escapes for SQL, to protect against stuff like that?
Use parameters, that way data and queries are separate.
-
Are there character escapes for SQL, to protect against stuff like that?
Yes but it's a dangerous process. You should use paramatrized queries instead.
-
Legacy systems still handle more traffic than modern ones, I’d wager
And it's probably not seen as urgent enough an issue to need replacing the whole system for.
