I am an idiot. An imbecile some might say. They would not be wrong.

I am guilty of sins of programming stupidity.

I have transgressed against the holy laws of coding, particularly the holiest law: Thou shalt never trust any data provided by a user.

I was blind and did not see my folly. I thought I was safe, protected by the languages that I used. I did not see the foolishness of my ways.

Through my transgressions I have been made to look like the fool that I truly am.

I am heartily sorry and repent of all my sins. May the gods of computer science have mercy on my soul.

Posted: 2005-06-13 13:22:21 UTC by Xiven | Comments (5)

  • Kai Hendry (2005-06-14 06:51:02 UTC)

    Don't be so hard on yourself. :)

    Somehow the language should take care of this. I remember seeing (perhaps on http://www.rubyonrails.org/) where the guy just set his database table field to be say CHAR(20) and the program generated the JS to check it, as well as the server side to check it *again*.

  • Anonymous (2005-06-25 19:50:28 UTC)

    Well, what'd you do?

  • Xiven (Registered) (2005-06-28 12:58:30 UTC)

    Oh, just a few SQL injection vulnerabilities here and there. On several websites.

  • Graham Pike (2005-06-28 20:00:00 UTC)

    I don't think you're being hard enough on yourself. Please do better in future.

  • Xiven (Registered) (2005-06-29 16:36:01 UTC)

    Oh hush, your website is fine... now.
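The post's holiest law and the SQL injection admitted in the comments, as an added example that is not from the post or its commenters: the string-pasted query beside a parameterised one, with a server-side length check taken from the column width in the spirit of the CHAR(20) idea above. The schema, user rows and `sqlite3` in-memory database are constructed for the demo.

```python
import sqlite3

# Constructed schema: the column width is the single source of truth for the
# length check, so client and server validate against the same value.
USERNAME_MAX = 20


def make_db() -> sqlite3.Connection:
    """Constructed in-memory users table with two sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(f"CREATE TABLE users (name CHAR({USERNAME_MAX}), secret TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "a-secret"), ("bob", "b-secret")])
    return conn


def lookup_unsafe(conn: sqlite3.Connection, name: str) -> list:
    """The sin the post repents of: user input pasted straight into SQL.
    A single quote in the input changes the meaning of the statement, so
    legitimate names like O'Brien break it and crafted ones widen it."""
    sql = f"SELECT name FROM users WHERE name = '{name}'"
    return [row[0] for row in conn.execute(sql)]


def validate_name(name: str) -> str:
    """Server-side check derived from the column definition. It runs even
    when a client-side check already ran: the browser is the user's, not ours."""
    if not name or len(name) > USERNAME_MAX:
        raise ValueError(f"name must be 1..{USERNAME_MAX} characters")
    return name


def lookup_safe(conn: sqlite3.Connection, name: str) -> list:
    """Parameterised query: the driver sends data separately from the SQL,
    so the input can only ever be compared as a value, never parsed as code."""
    name = validate_name(name)
    rows = conn.execute("SELECT name FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = make_db()
    print("unsafe, plain name:", lookup_unsafe(db, "alice"))
    print("safe, plain name:  ", lookup_safe(db, "alice"))
    print("safe, apostrophe:  ", lookup_safe(db, "O'Brien"))
```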