Not much more encouraging. It looks to me like patch work. I've had this in the past. Would give a PoC to a client along with a recommended design change to the questionable methods of the code. They would send back a new version with a patch much like all of those linked here. In the end those patches address the PoC but not the problem. Then I just rework the PoC to go around the patch. This cat-mouse game goes on until they go back, do the f'ing work, and implement the original design change suggested. I say all that just to point out that this looks like patch work and is a scary behaviour. Then again, maybe this is the nature of nodejs (omg).
Also, as a general rule:
ANY SECURITY PATCH THAT IS A REGEX IS NOT A SECURITY PATCH