Being a programmer for a while now it always irritates me to try to explain what I'm working on to friends and family. I forget what I knew before I developed. I'm always like "I made the strings in the database- oh I mean the words...well they're actually more like strings of letters- well anyway I made a code to sanitize the user input- I mean make it so it is secure before uhhh saving." I spend so much time watering what I'm saying down I forget what I'm talking about

It's not even funny. It'd be funny if one single person in my family or friend group understood what I meant to some degree.

I dont understand the Log4j vulnerability.

Isnt the ability to execute code a feature they added so that you can add dynamic data to the logs?

If it is a feature then isnt it written in the documentation?

Is the problem that a lot of companies forgot to sanitize the input before logging it?

Guys. Sanitize the Tags input length. Here on devrant. Call the devs, I don't know who they are...

It reaaaally annoys me when my business logic is sound but the data is corrupted.

For example, find duplicates in a HashMap<String>.. but I didn't take into account the input could contain a space either before or after.. so I end up wondering: if a HashMap only contains unique keys, how come the count of items in the map is the same as the count of the input keys?! Well.. spaces were the culprit.

"12345" != "12345 ".. and therefore the Map sees it as two distinct keys..

What an annoying bug.

Lesson learned: 1) Sanitize input first and never trust it. 2) Never make assumptions

Inherited a legacy system from a previous "developer" who wrote code to sanitize input from sql injection in the front end and then called an web method called execSql which accepts am sql statement in a string value!

Obviously the app ran under admin privileges.

I like to teach sites that don't escape HTML/js in input fields a lesson, and put in a redirect. Where would you redirect them?

I tend to go SFW, like redirecting to a competitor or the NSA.