I will always upvote Little Bobby Tables.
Thank you!
Suddenly, very relatable today…
I was just thinking how the developer of kbin made a post regarding a similar bug in kbin and some people made fun of him for missing something so obvious, and here we are 🤨
There’s only two kinds of people:
- Those who know no system is foolproof.
- Dumbasses.
I think everyone is on a journey from 2 -> 1, some just get there sooner than others :)
If you are creating some software in 2023, it should not be vulnerable to SQL injection.
There’s no “but” or “unless”.
I really wish the presentation layer and session management had that kind of clear interface; instead we are stuck only solving some 99.9% of CSS and 90% of CSRF. But SQL injection is 100% completely solved for good.
Bobby Tables is probably old enough for his own kid, Cross Site Samantha. I bet she created a Lemmy account recently.
I had her naked vids on VHS in 1982 before I rode my dinosaur to GemCo.
I have a cousin whose driver’s license name is “FNU” which stands for first name unknown. This was due to some quirk in his immigration documents. I cannot imagine how much havoc this must cause.
Oh man, there’s this really good Radiolab episode (Null) about weird name stuff in databases. One story they got is from a guy who made his license plate NULL thinking it would be able to avoid tickets, but it ended up being the other way around.
Tickets were able to avoid him?
More so, he got every ticket filed under NULL.
I’ve not seen this one before, but it might be my new all-time favorite.
Really? That’s probably the most famous XKCD ever. It’s surprising that anyone who understands it has never seen it before.
In the old days you could do a lot of damage to a lot of websites with this kind of trick…
Mind you, it’s only because nowadays libraries for processing web requests and for feeding SQL queries to databases automatically do all kinds of escaping of special characters and sanitizing of inputs that things are a lot better: in my experience the “average” dev out there doesn’t really have much awareness about security-adjacent concerns like “sanitize inputs coming from the outside” (and no, you can’t trust JavaScript on the browser for that) and, besides, tons of companies outsourced their code-making work to places like India where far too many “devs” are people with zero skill for it who joined the industry because demand was so big that anybody who knows the right side of the keyboard to type on is hired and then outsourced to some western suckers in management as a “senior developer”.
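The point made in the two comments above (that SQL injection is a solved problem once the driver, not the developer, keeps data separate from SQL) shown as an added example of my own, not code from anyone in this thread; it uses Python's built-in sqlite3 module on a constructed in-memory table, and the student names and inputs are made up.

```python
import sqlite3

# Constructed sample input, not from any real system.
TAUTOLOGY = "x' OR '1'='1"                        # an input that is also valid SQL
BOBBY = "Robert'); DROP TABLE students;--"        # the name from the comic


def make_db() -> sqlite3.Connection:
    """Build a throwaway in-memory table with two constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE students (name TEXT)")
    conn.executemany("INSERT INTO students VALUES (?)", [("Alice",), ("Bob",)])
    conn.commit()
    return conn


def find_student_vulnerable(conn: sqlite3.Connection, name: str) -> list[str]:
    """The anti-pattern: the input is spliced into the SQL text, so the database
    parses it as SQL rather than treating it as a value."""
    sql = f"SELECT name FROM students WHERE name = '{name}'"
    return [row[0] for row in conn.execute(sql)]


def find_student_safe(conn: sqlite3.Connection, name: str) -> list[str]:
    """The fix: a parameterized query. The SQL shape and the value travel
    separately; the driver never has to escape anything because the value is
    never part of the statement text."""
    rows = conn.execute("SELECT name FROM students WHERE name = ?", (name,))
    return [row[0] for row in rows]


def add_student_safe(conn: sqlite3.Connection, name: str) -> None:
    """Inserting through a bound parameter stores the literal string, quotes,
    semicolons and all; nothing in it is executed."""
    conn.execute("INSERT INTO students VALUES (?)", (name,))
    conn.commit()


def student_count(conn: sqlite3.Connection) -> int:
    """Row count, used to confirm the table survived the Bobby Tables insert."""
    return conn.execute("SELECT COUNT(*) FROM students").fetchone()[0]


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", find_student_vulnerable(db, TAUTOLOGY))  # every row
    print("safe:      ", find_student_safe(db, TAUTOLOGY))        # no rows
    add_student_safe(db, BOBBY)
    print("rows after inserting Bobby:", student_count(db))      # 3
```

The same contrast holds for any driver that supports placeholders; the string-formatting version is the thing to grep for in review.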
As a data engineer for the past decade, Bobby Tables has been this shared cultural reference in my industry for years. I will always upvote Bobby Tables.
Thank you!
Classic!