Robert Martin wrote: supremely bad idea it is to use a textual data access language
As soon as I read that I thought, "SQL?"
Then I clicked the link and read that quote:
Robert Martin said: SQL is demon spawn, and no self-respecting software developer should ever use it.
It is crazy, but you could solve most of this by requiring all SQL to be run only via Stored Procs too.
Never let dynamic SQL be passed in. Ugh!!!
raddevus wrote: you could solve most of this by requiring all SQL to be run only via Stored Procs too.
Stored procedures aren't a magical defence against SQLi. If you're not using a properly parameterized query, they're just as vulnerable to SQLi as any other query.
And if you've spent any time in QA, you'll know that it's perfectly possible to write a stored procedure that contains its own SQLi vulnerability.
The only defence is to parameterize everything. And if you find yourself hitting one of the few things that can't be parameterized (table and column names, for example), and you can't find a way to avoid it, then use the system views to validate the crap out of the user input, preferably ditching the user input in favour of the values returned from the views.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
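Worked example of the point made in the post above (added here; it is not code from any poster). In T-SQL, a stored procedure that concatenates its argument into dynamic SQL is injectable exactly as described, the sp_executesql version with a real parameter is not, and for a table name, which cannot be parameterized, the procedure looks the name up in sys.tables and uses the value the catalog returns rather than the caller's string. The table, procedure names and sample rows are hypothetical, and SQL Server is assumed.

```sql
-- Constructed sample data (hypothetical table, not from the thread).
CREATE TABLE dbo.Customers (Id int PRIMARY KEY, Name nvarchar(100));
INSERT INTO dbo.Customers VALUES (1, N'Alice'), (2, N'Bob');
GO

-- VULNERABLE: the caller's text is pasted straight into the statement.
-- Being inside a stored procedure changes nothing about that.
CREATE PROCEDURE dbo.FindCustomer_Unsafe @Name nvarchar(100)
AS
BEGIN
    DECLARE @sql nvarchar(max) =
        N'SELECT Id, Name FROM dbo.Customers WHERE Name = ''' + @Name + N'''';
    EXEC (@sql);   -- @Name = N'x'' OR 1=1 --' makes this return every row
END
GO

-- FIXED: the value travels as a parameter of sp_executesql, never as SQL text.
CREATE PROCEDURE dbo.FindCustomer_Safe @Name nvarchar(100)
AS
BEGIN
    DECLARE @sql nvarchar(max) =
        N'SELECT Id, Name FROM dbo.Customers WHERE Name = @p';
    EXEC sys.sp_executesql @sql, N'@p nvarchar(100)', @p = @Name;
END
GO

-- Identifiers cannot be parameterized. Resolve the name through the system
-- views and build the statement from the catalog's value, not the input.
CREATE PROCEDURE dbo.CountRows @SchemaName sysname, @TableName sysname
AS
BEGIN
    DECLARE @qualified nvarchar(600) =
        (SELECT QUOTENAME(s.name) + N'.' + QUOTENAME(t.name)
         FROM sys.tables AS t
         JOIN sys.schemas AS s ON s.schema_id = t.schema_id
         WHERE s.name = @SchemaName AND t.name = @TableName);

    IF @qualified IS NULL
        THROW 50001, N'Unknown table.', 1;

    DECLARE @sql nvarchar(max) = N'SELECT COUNT(*) FROM ' + @qualified;
    EXEC sys.sp_executesql @sql;
END
GO

EXEC dbo.FindCustomer_Unsafe @Name = N'x'' OR 1=1 --';  -- both rows leak
EXEC dbo.FindCustomer_Safe   @Name = N'x'' OR 1=1 --';  -- no rows
EXEC dbo.CountRows @SchemaName = N'dbo', @TableName = N'Customers';
EXEC dbo.CountRows @SchemaName = N'dbo', @TableName = N'Customers; DROP TABLE x';  -- raises 50001
```

The last call shows why the catalog lookup matters: an injected identifier simply does not exist in sys.tables, so no string ever reaches EXEC, and the quoted name that does reach it was produced by QUOTENAME from the catalog, not assembled from the argument.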
We never run raw SQL from our applications...ever! And this is one of the reasons why. We execute stored procedures against the data. This is far more secure.
"There are two ways of constructing a software design: One way is to make it so simple that there are obviously no deficiencies, and the other way is to make it so complicated that there are no obvious deficiencies. The first method is far more difficult." - C.A.R. Hoare
Kent Sharkey wrote: I want you to think about just what a supremely bad idea it is to use a textual data access language.
You mean like JSON in client-side POST/GET commands?
So, you create an API and access the data... but there is no data since we chucked the database.
The far better solution is to have no data. This has the additional advantages of not having to write any code at all, nor having to design a UI. Heck, we can then get rid of project managers and executives will stop complaining about the annoying nerds, er, engineers. The amount of money saved is in the trillions world-wide.
In a recent survey conducted by Gartner, the organization found that the highest-ranked strategy for a successful DevOps approach was collaboration with information security. Step 0: don't
A Nobel Prize-winning economist says that Bitcoin should be outlawed. He states that the currency holds no real function and can easily be brought down by regulation. If you outlaw bitcoin, only outlaws will use bitcoin?
Yeah, I know - "Nobel prize-winning Economist" is just this side of, "some guy".
Also, gotta love that rouge currency. Rubles?
economist said: [bitcoin] can easily be brought down by regulation.
Well...what can't be?
Gold
Peter Wasser
"The whole problem with the world is that fools and fanatics are always so certain of themselves, and wiser people so full of doubts." - Bertrand Russell
Don't worry, it will crash on its own. (When is the million bitcoin question.)
Really? Gold has value because it's shiny and used in jewelry?
Please tell me how a piece of paper has value because... It's a tree?
Not really a satisfying answer either!
In May 2017, researchers at Google Brain announced the creation of AutoML, an artificial intelligence (AI) that's capable of generating its own AIs. "Skynet begins to learn at a geometric rate."
You know I had to use something like that.
A lot has changed in a quarter century. OMG - in case you needed to feel old
Lenovo also said that it wasn't aware of any third parties exploiting the app to gain access. They were shocked beyond belief when they found out.
Bastard Programmer from Hell
If you can't read my code, try converting it here.
A new report tries to bring order to the messy business of measuring AI progress "Any A.I. smart enough to pass a Turing test is smart enough to know to fail it."
Have you ever mentioned something that seems totally normal to you only to be greeted by surprise? What's wrong with sigma?
One word:
Apply random goals
Gloss over the details
Incentivize "just get it done, we can refactor later"
Lack of documentation
Entertainment over formal processes
Marc Clifton wrote: One word: routine?
M.D.V.
If something has a solution... why do we have to worry about it? If it has no solution... for what reason do we have to worry about it?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
The Wall Street Journal published a brief article last week where it posited that Microsoft's Excel software has not kept up with contemporary needs the finance sector requires and subsequently resulted in financial chiefs asking their staffers to part ways with the aging piece of software. =IF(ISERROR("WSJ"), "Fake news", NA())
A recent DZone survey of 540 developers about application security indicated 54 percent think that they, the developers, should be responsible for security. It's not a contest who cares more, you know
To boost the stability of Chrome, Google has announced that it's going to start blocking third-party software from being injected into the browser. Up next: people complain their Chrome addons have stopped working
Time to make shirts, "Chrome is the new IE"?
Previously, SpaceX founder Elon Musk has said he intends to launch the "silliest thing we can imagine" on the maiden launch of the Falcon Heavy. At least he'll have something to drive when he gets up there
The set of four small thrusters came online Wednesday after NASA engineers noticed the spacecraft’s attitude control thrusters had been degrading for several years. In related news, the fridge I just bought has broken down. Again.
Alternately:
I try to fire my thrusters more often than every 37 years
Kent Sharkey wrote: I try to fire my thrusters more often than every 37 years
Beat me to it. No pun intended.