Jeezus - morons building software systems STILL allow injection attacks? Did they get somebody's kid brother from high school to build Gab in their spare time?
That is pretty damn hilarious, when you think about it. Amazingly, comically incompetent... sigh
( I design and build software systems for a living, so hearing about SQL injection attacks still being a problem after having good solutions available for so many years now is beyond depressing )
SQL Injection attacks are primarily a problem for web applications using a relational database to store the data from users of the applications (which is how most web apps work in practice).
The developers that don't know any better treat SQL commands as text in their code, and then allow user input to be "injected" by concatenating it into the SQL command text. This allows user input to alter the SQL commands themselves, which is a horribly bad idea.
The solution is for the SQL syntax to be parameterized, which does not allow user input to change the SQL syntax no matter what. That solution has been around for DECADES now... which apparently is unknown to whoever designed and built Gab.
Someone was going after the Demonhackers and he claimed the attack was just a scrape of public data, guess it wasn't.
I used a direct quote since I have no clue wtf it means.
I wish I knew geek speak lol but I totally believe you.
I do agree, however... Torba needs to gab less and focus on this ongoing problem, because I enjoy Gab and it deserves to be great.