Hacker News

It is only safe for the SQL server. An injection attack could still be targeting a cache (to poison it with e.g. a malicious script), the browser (to steal data via XSS/CSRF) or the user (show an error message telling them to contact a malicious number).



What the person said

> "You can stick any user input into a database query and you'll be fine"

Besides which, pretend SQL Server is a glorified cache, the result is the same.
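
The first comment's point as an added example (not code from the thread): a bound parameter keeps the value from changing the SQL statement, but the database hands it back byte for byte, so whatever renders it must still encode it for its own context. The function names and the sample comment are constructed for illustration.

```python
import html
import sqlite3

# Constructed sample input: markup plus a quote character that would break
# a string-concatenated SQL statement.
SAMPLE_COMMENT = "it's <script>alert(1)</script>"


def store_and_load(comment: str) -> str:
    """Round-trip the value through SQLite using a bound parameter."""
    conn = sqlite3.connect(":memory:")
    try:
        conn.execute("CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT)")
        # The placeholder keeps the value out of the SQL grammar entirely.
        conn.execute("INSERT INTO comments (body) VALUES (?)", (comment,))
        (body,) = conn.execute("SELECT body FROM comments WHERE id = 1").fetchone()
        return body
    finally:
        conn.close()


def render_unsafe(body: str) -> str:
    """Weak form: the stored value is pasted into HTML as-is."""
    return "<p>" + body + "</p>"


def render_escaped(body: str) -> str:
    """Corrected form: encode for the HTML context at output time."""
    return "<p>" + html.escape(body, quote=True) + "</p>"


def contains_live_script_tag(page: str) -> bool:
    """Crude check used only for this demonstration."""
    return "<script>" in page.lower()


if __name__ == "__main__":
    stored = store_and_load(SAMPLE_COMMENT)
    print("stored verbatim:", stored == SAMPLE_COMMENT)
    print("unsafe render  :", render_unsafe(stored))
    print("escaped render :", render_escaped(stored))
```

The same reasoning applies to any downstream consumer of the stored value, such as a cache or an error message: each one needs encoding or validation appropriate to its own context.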



