Python tutorial moment (image post)
Posted by 𝔻𝔼𝕍𝕀𝕃𝕀𝕊ℍ@lemmy.world (banned from community) to Programmer Humor@lemmy.ml · 2 years ago · 17 comments
bort@sopuli.xyz · 2 years ago
“I’m no security expert and the sensible thing to do is to use a library instead of taking a class.” Counterpoint: “not knowing your libraries” + “blind trust in the maintainer” will give you stuff like this: https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in (the thread itself is worth a read, but also very impressive is the list of big players who fell for exactly this mentality).
unique_hemp@discuss.tchncs.de · 2 years ago
Love the part where he claims that if your users are authenticated, it’s not untrusted input. I mean, surely you trust all of your users to run any code on your server, right?
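The two comments above turn on the same point: YAML coming from any user, authenticated or not, crosses a trust boundary, and the linked CVE-2022-1471 thread is about SnakeYAML's default loader honouring type tags in such input. The following is an added example (not code from the thread or from the SnakeYAML project) showing the defensive configuration: a loader built on SnakeYAML's SafeConstructor, which only knows the standard YAML types and rejects a document carrying a Java type tag. It assumes SnakeYAML 2.x on the classpath; the sample document is constructed here.

```java
import org.yaml.snakeyaml.LoaderOptions;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.SafeConstructor;
import org.yaml.snakeyaml.error.YAMLException;

public class UntrustedYamlLoader {

    // Constructed sample input: a document that carries a Java type tag.
    // A loader built with the library's default Constructor treats such a
    // tag as a request to instantiate that class; SafeConstructor does not.
    static final String TAGGED_DOC = "name: !!java.lang.Object {}\n";

    // Constructed sample input with only plain YAML types.
    static final String PLAIN_DOC = "name: alice\nroles: [reader, editor]\n";

    // Loader for anything that crosses a trust boundary: request bodies,
    // uploaded files, config an authenticated user can edit.
    static Yaml safeLoader() {
        LoaderOptions opts = new LoaderOptions();
        return new Yaml(new SafeConstructor(opts));
    }

    // Returns true when the safe loader refused the document.
    static boolean rejected(String doc) {
        try {
            safeLoader().load(doc);
            return false;
        } catch (YAMLException e) {
            // SafeConstructor raises a ConstructorException (a YAMLException)
            // for tags it has no constructor for, including Java class tags.
            return true;
        }
    }

    public static void main(String[] args) {
        System.out.println("plain document rejected:  " + rejected(PLAIN_DOC));
        System.out.println("tagged document rejected: " + rejected(TAGGED_DOC));
    }
}
```

The plain document loads as an ordinary map; the tagged one is refused before any class is resolved, which is the behaviour to require whenever the YAML author is not the same party that operates the server.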