Just sat through a demo of some clicky-draggy data visualisation stuff.
The guy showed us how you can write a custom script that takes a user input and pokes it into a SQL command using string concatenation, so a very obvious injection vulnerability.
Ok, so it's only a demo. But you wouldn't do a demo with an example user called Captain Cock, so why do a demo with a screamingly obvious security hole?
Whole thing was basically pivot tables in a short skirt anyway.
rant
captain cock
bobby tables
salesman
sql injection
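The string-concatenation pattern the rant describes, next to a parameterized query, as an added example that is not part of the original post or the demoed product. It assumes Python's `sqlite3` module; the `sales` table, its rows, the input values and all function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data for this example.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE sales (region TEXT, rep TEXT, amount INTEGER)")
    db.executemany(
        "INSERT INTO sales VALUES (?, ?, ?)",
        [("north", "O'Brien", 120), ("south", "Patel", 340), ("east", "Kim", 90)],
    )
    return db

def rows_concat(db, rep):
    # The pattern from the demo: user input pasted into the SQL text,
    # so any quote in the input changes the structure of the statement.
    sql = "SELECT region, amount FROM sales WHERE rep = '" + rep + "'"
    return db.execute(sql).fetchall()

def rows_param(db, rep):
    # Bound parameter: the value travels separately from the SQL text,
    # so it is only ever compared as data.
    return db.execute(
        "SELECT region, amount FROM sales WHERE rep = ?", (rep,)
    ).fetchall()

def compare(rep):
    """Return (concatenated result or error label, parameterized result)."""
    db = make_db()
    try:
        concat = rows_concat(db, rep)
    except sqlite3.Error as exc:
        concat = "error: " + type(exc).__name__
    return concat, rows_param(db, rep)

if __name__ == "__main__":
    # Constructed inputs: an ordinary name, a legitimate name containing a
    # quote, and a value whose quote rewrites the WHERE clause.
    for value in ["Patel", "O'Brien", "nobody' OR '1'='1"]:
        print(repr(value), compare(value))
```

The concatenated version fails on the legitimate name `O'Brien` and returns every row for the third input, while the parameterized version returns exactly the matching rows in all three cases.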