There’s been almost no traffic on this list this weekend so I don’t feel too 
bad posting something that’s not specifically about SQLite.  But a lot of us 
use SQLite as a back end for web-facing databases, called from PHP, and this is 
about PHP tutorials found on the web.

ObAcronym: "SQLi" is short for "SQL injection".

<https://www.helpnetsecurity.com/2017/04/21/programming-tutorials-vulnerabilities/>

“Thanks to our framework, we have uncovered over 100 vulnerabilities in web 
application code that bear a strong resemblance to vulnerable code patterns 
found in popular tutorials. More alarmingly, we have confirmed that 8 instances 
of a SQLi vulnerability present in different web applications are an outcome of 
code copied from a single vulnerable tutorial,” they noted. “Our results 
indicate that there is a substantial, if not causal, link between insecure 
tutorials and web application vulnerabilities.”

Moral: Web tutorials are for teaching you how a computer language works.  Don’t 
copy-and-paste them into production code without thinking through the 
consequences.  If you don’t understand what you’re doing, hire an experienced 
programmer.  That’s what they’re for.

Simon.
_______________________________________________
sqlite-users mailing list
sqlite-users@mailinglists.sqlite.org
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
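The copy-paste pattern the article is talking about, beside its fix, as an added example that is not code from the post or from the study it links: a PHP user lookup against an in-memory SQLite database through PDO, written once with the user name spliced into the SQL text (the way many tutorials show it) and once as a prepared statement with a bound parameter. The table, the seeded row and the attacker-controlled input are constructed for the demo.

```php
<?php
// Constructed demo data: an in-memory SQLite database with one user.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE NOT NULL, email TEXT NOT NULL)');
$seed = $db->prepare('INSERT INTO users (username, email) VALUES (:u, :e)');
$seed->execute([':u' => 'alice', ':e' => 'alice@example.invalid']);

// The tutorial pattern: user input is interpolated into the SQL string, so the
// input can change the structure of the statement, not just a value in it.
function findUserInsecure(PDO $db, string $username): array
{
    $sql = "SELECT id, username, email FROM users WHERE username = '$username'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// The fix: the SQL text is constant and the value travels separately as a
// bound parameter. SQLite receives it as data and never parses it as SQL.
function findUserSafe(PDO $db, string $username): array
{
    $stmt = $db->prepare('SELECT id, username, email FROM users WHERE username = :username');
    $stmt->execute([':username' => $username]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Attacker-controlled input (constructed): closes the quoted literal and
// appends a condition that is always true.
$attacker = "' OR '1'='1";

$rows = findUserInsecure($db, $attacker);
printf("concatenated query:   %d row(s)\n", count($rows));
foreach ($rows as $row) {
    printf("  leaked: %s <%s>\n", $row['username'], $row['email']);
}

$rows = findUserSafe($db, $attacker);
printf("prepared statement:   %d row(s)\n", count($rows));

$rows = findUserSafe($db, 'alice');
printf("prepared, real user:  %d row(s)\n", count($rows));
```

With the concatenated query the WHERE clause becomes `username = '' OR '1'='1'`, a tautology, so every row in the table comes back regardless of who asked. The prepared statement looks for a user whose name is literally `' OR '1'='1` and finds none, while the legitimate lookup for `alice` still works. Note that escaping the input by hand (the other common tutorial suggestion) is not equivalent: it keeps the query text and the data mixed, which is the root of the problem; binding parameters separates them.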
