Comment by hsbauauvhabzb
3 days ago
I disagree. If your system is failing to correctly type check strings during SQL interpolation, you should probably kill it with fire.
I don't disagree... In most cases, it's not your system, though, it's someone else's.
> You can make a good case to spend time sanitising requests
> In most cases, it's not your system, though
You can’t pick and choose whether you own a system or not when presented with an opposing argument. That’s not how this works.
"System owner, we need to spend $10K to sanitise requests or a kid can destroy our business overnight".
"System owner, we need to spend $10K to clean up the database and code so that null and "null" are not the same thing, even though it works 99.99% of the time".
Do you see the difference?