this post was submitted on 24 Feb 2025
412 points (98.6% liked)

Technology

63455 readers
7508 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
412
Life isn't easy if your last name is 'Null' as it still breaks database entries the world over (www.pcgamer.com)
submitted 4 days ago by [email protected] to c/[email protected]
76 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 50 points 4 days ago (4 children)

Unless you’re coding from scratch it’s hard to not do this with any modern framework.

[–] [email protected] 41 points 4 days ago (2 children)

Legacy systems still handle more traffic than modern ones, I’d wager

[–] [email protected] 5 points 4 days ago

And it's probably not seen as urgent enough an issue to need replacing the whole system for.

[–] [email protected] 4 points 4 days ago

any govt system.

[–] [email protected] 22 points 4 days ago (1 children)

Word press code, and plugins, do not sanitize out of the box. You have to call an additional function, each time, that is not provided automatically. Many home made plugins miss that; many popular plugins used to be home made ones

[–] [email protected] 15 points 4 days ago (7 children)

Wordpress is a sin against mankind.

[–] [email protected] 15 points 4 days ago* (last edited 4 days ago) (1 children)

Let's take a blog and slap a whole e-commerce system on it through a plugin and let it auto translate with another one, what could go wrong. wait why is everything so slow, oh i need additional plugins for caching and one more for functionality XYZ why is everything broken now?!?

Edit: Sorry, my app had a hiccup and posted my comment several times

[–] [email protected] 9 points 4 days ago

Maybe your app is based on WordPress :'D

[–] [email protected] 7 points 4 days ago

Yet here we are, it and the plugins handle too much of my daily traffic. It’s easy to dismiss the piss poor coding, but is done at our peril.

Everyone of us has personal data stored in those God awful plugins, in their thousands of basic security holes

[–] [email protected] 13 points 4 days ago (1 children)

A couple years ago I wanted to write a simple website with SQL injection vulnerability, so I could demonstrate sqlmap to someone

It was surprisingly difficult (and every fiber in my body screamed)

[–] [email protected] 9 points 4 days ago

Imagine how hard it is to be this bad. Yet still people manage to do it.

[–] [email protected] 6 points 4 days ago* (last edited 3 days ago) (2 children)

Unless you’re coding from scratch it’s hard to not do this with any modern framework.

I think that word modern is doing a lot of heavy lifting there.

A lot of systems simply aren't modern. There's always that mentality of "well, it's been working for the last 12 years, let's not mess with it now", despite all the valid objections like "but it's running on Windows2000” or "it's a data breach waiting to happen"...

[–] [email protected] 1 points 3 days ago

Is it though? I haven’t used a framework since probably 2007 that doesn’t do this. There are the smaller, more DIY frameworks out there but I’ve never used them professionally.

[–] [email protected] 1 points 3 days ago (1 children)

What is a data beach?

[–] [email protected] 1 points 3 days ago

Thanks, I missed that