undefined | Better HN

0 pointsInclinedPlane14y ago0 comments

These techniques seem to only be useful against absolutely brain dead coding practices. As I said, if you're responsible for this code it's not useful to understand every aspect of this vulnerability, you just switch to a different implementation (preferably parameter binding using mysqli). This analysis is like learning techniques on how to stealthily steal a bike that is "locked" up with nothing more than twine. That's not really useful except in an "all knowledge is useful" sense.

0 comments

1 comments · 1 top-level

bandushrew14y ago

Interesting, I really dont agree. I have two roles that I regularly play as a developer, one is 'creating a solution from scratch', and in that situation - as you have said, I dont really need to be aware of these kinds of possibilities, just because I can avoid the problem entirely. Unfortunately the other role I frequently play is 'performing work on something someone else has built', and in that case I rarely have the ability to throw out everything that is there and start from scratch - which means I have to have an understanding of this kind of thing and know what kinds of changes will provide the greatest 'hit' in terms of security, while balancing those changes against the possibility of breaking existing work.

Besides, I find knowledge useful in a general sense.

j / k navigate · click thread line to collapse