Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
-
CS teacher tip of the day:
server side input checks and sanitization are always useless. because nowdays all browsers have javascript enabled by default and nobody disables it. so client-side checks are safe.
me: ***WTF!?!***11 -
Alright fuck it, let's release this fucker!
https://lynkz.me is the main domain. The interface is *usable* and nothing more than that. I'll invest more time in that soon but for now, hey, it works.
Api is located at https://api.lynkz.me.
Documentation for this (literally some echoes to the screen but it contains the needed information for now) is at that api url.
Found a bug or a security vulnerability? Please let me know!
Yeah I use mariadb but sql injection is luckily not possible due to quite some sanitization ;)
WARNING: if you make a shortened url and forget the delete key, you won't be able to delete it.
Let's see how this goes 😅111 -
CLIENT "So my nephew who does stuff with computers built it and we are ok with how it all works so don't worry about changing that. "
DEV "so like you have a public form with no input filtering, spam mitigation let alone sanitization or remote concern for security. Basically you have a Json flat file that is 34mbs of links to, viagra, replica watches, nock off name brands and one real estate company. It is getting about 15 submissions an hour. Since you don't want me changing how it works are you happy to just leave all that ?"
CLIENT "no no we don't want all that but we have no route to delete it, can you just stop all the spam and let us continue on?"
DEV "ok so back to my first question can we rebuild all of this properly, or do you really want to just leave it all"
:/ FML3 -
I told him that he should patch the getQueryString() due to it going through no sanitization before going straight to the API so at this point I feel entitled to fuck with their shit.
5 -
I feel compelled to share this - I think every programmer needs to read this.
I know I'm right but I'm not in the mood to validate my argument, that is a privilege I reserve exclusively for real arguments - usually containing foreign user input in dire need of sanitization -which kinda sucks...
so instead here is a morsel and a link, enjoy the read.
https://medium.com/@caspervonb/...
3 -
Teach things properly, most teachers are confused and they start throwing keywords at even more confused students who then have no clue what they are doing and they then ask me to do their work for them showing me their unindented(well... kinda, they all seem to fight with the IDE, which is trying to properly indent their mess, for some reason), teachers think that Turbo Pascal is the way of life and that it is used everywhere(one teacher tried to tell me that Pascal is used in the stock market and in modern operating systems - U wot m8?! how high are you right now) and they don't teach user input sanitization and type checking, they stare at you like you are the fucking satan when you dare to use objects, collections and abstraction because they are scared to death of that stuff... and then they think 60 minutes is enough to teach HTML, CSS, JS and PHP in one go(which they even don't know properly - the teacher that made and maintains the school's website is probably stuck in 1998 judging by the design and functionality of the website and his clothes) and they then send absolutely clueless students to compete in a web design competition (and then they get angry at the judges for giving the students 0 points)6
-
Recently, I launched a website to practice and perfect a lightweight Larval CMS that is forcing me to learn Databases and good sanitization practices.
Trolling Zuckerberg's Facebook for Images to make potential MeMes, I can't help but notice he has quite a ridiculous and unrealistic amount of instances in which he seems to be talking to military and government officials.
Figured I'd use the old humor as a weapon to shed light upon this.
-
Working on a legacy PHP project that every single query inserts user-provided data without any sanitization, aka SQL injection ahoy! Also no framework.1
-
#Suphle Rant 6: Deptrac, phparkitect
This entry isn't necessarily a rant but a tale of victory. I'm no more as sad as I used to be. I don't work as hard as I used to, so lesser challenges to frustrate my life. On top of that, I'm not bitter about the pace of progress. I'm at a state of contentment regarding Suphle's release
An opportunity to gain publicity presented itself last month when cfp for a php event was announced last month. I submitted and reviewed a post introducing suphle to the community. In the post, I assured readers that I won't be changing anything soon ie the apis are cast in stone. Then php 7.4 officially "went out of circulation". It hit me that even though the code supports php 8 on paper, it's kind of a red herring that decorators don't use php 8 attributes. So I doubled down, suspending documentation.
The container won't support union and intersection types cuz I dislike the ambiguity. Enums can't be hydrated. So I refactored implementation and usages of decorators from interfaces to native attributes. Tried automating typing for all class properties but psalm is using docblocks instead of native typing. So I disabled it and am doing it by hand whenever something takes me to an unfixed class (difficulty: 1). But the good news is, we are php 8 compliant as anybody can ask for!
I decided to ride that wave and implement other things that have been bothering me:
1) 2 commands for automating project setup for collaborators and user facing developers (CHECK)
2) transferring some operations from runtime to compile/build TIME (CHECK)
3) re-attempt implementing container scopes
I tried automating Deptrac usage ie adding the newly created module to the list of regulated architectural layers but their config is in yaml, so I moved to phparkitect which uses php to set the rules. I still can't find a library for programmatically updating php filed/classes but this is more dynamic for me than yaml. I set out to implement their library, turns out the entire logic is dumped into the command class, so I can neither control it without the cli or automate tests to it. I take the command apart, connect it to suphle and run. Guess what, it detects class parents as violations to the rule. Wtflyingfuck?!
As if that's not bad enough, roadrunner (that old biatch!) server setup doesn't fail if an initialization script fails. If initialization script is moved to the application code itself, server setup crumbles and takes the your initialization stuff down with it. I ping the maintainer, rustacian (god bless his soul), who informs me point blank that what I'm trying to do is not possible. Fuck it. I have to write a wrapper command for sequentially starting the server (or not starting if initialization operations don't all succeed).
Legitimate case to reinvent the wheel. I restored my deleted decorators that did dependency sanitation for me at runtime. The remaining piece of the puzzle was a recursive film iterator to feed the decorators. I checked my file system reader for clues on how to implement one and boom! The one I'd written for two other features was compatible. All I had to do was refactor decorators into dependency rules, give them fancy interfaces for customising and filtering what classes each rule should actually evaluate. In a night's work (if you're discrediting how long writing the original sanitization decorators and directory iterator), I coupled the Deptrac/phparkitect library of my dreams. This is one of the those few times I feel like a supreme deity
Hope I can eat better and get some sleep. This meme is me after getting bounced by those three library rejections
Top Tags
Weekly Rant
View