Hacking
-
Eddy Vluggen wrote:
Thank you for proving my point.
I don't think you understand your point then. If all we told people is to use parameterized queries but did not explain why, the lesson would not be learned as well. Explaining how non-parameterized queries can allow someone to hack your db is magnitudes more valuable than just telling them to use parameters.
Eddy Vluggen wrote:
that's why I post under my real name, and you don't dare too.
1. You can't prove that it's your real name. 2. You can't prove this is not my real name.
20212 wrote:
I don't think you understand your point then.
Not my problem, is it?
20212 wrote:
If all we told people is to use parameterized queries but did not explain why, the lesson would not be learned as well. Explaining how non-parameterized queries can allow someone to hack your db is magnitudes more valuable than just telling them to use parameters.
Again, thanks for proving my point :)
20212 wrote:
1. You can't prove that it's your real name.
I can, there's a photograph on here from me. Look it up. No, no record government linking me to that, I not that much of a fool.
20212 wrote:
2. You can't prove this is not my real name.
Easy, that's not even a legal name; you're not allowed to name children like that. I been a developer for over 20 years. Been concerned with security for the same time. We "know a bit" about the subject :)
Bastard Programmer from Hell :suss: "If you just follow the bacon Eddy, wherever it leads you, then you won't have to think about politics." -- Some Bell.
-
Eddy Vluggen wrote:
Learning how to exploit a vulnerability teaches not how to code.
Sure it can. Just like SQL injection. That's hacking but we talk about it all the time. Hacking is a good way to learn how things work.
20212 wrote:
Just like SQL injection.
I am so old that I find the very idea of SQL injection completely crazy. Why would anyone even get close to the idea of passing SQL code ahead, without parsing it and consider it against authorization restrictions? I know. "Because it would reduce performance". So then you could make two versions of your SQL based application: One HighPeformance version to use when benchmarking or comparing against alternatives. When you boost multiplatform and high availability, there is another, "safe" version with all the flexibility and functionality ruining performance, but beneficial in a lot of other ways.
-
20212 wrote:
Just like SQL injection.
I am so old that I find the very idea of SQL injection completely crazy. Why would anyone even get close to the idea of passing SQL code ahead, without parsing it and consider it against authorization restrictions? I know. "Because it would reduce performance". So then you could make two versions of your SQL based application: One HighPeformance version to use when benchmarking or comparing against alternatives. When you boost multiplatform and high availability, there is another, "safe" version with all the flexibility and functionality ruining performance, but beneficial in a lot of other ways.
trønderen wrote:
I am so old that I find the very idea of SQL injection completely crazy. Why would anyone even get close to the idea of passing SQL code ahead, without parsing it and consider it against authorization restrictions?
Because often there's none such restriction. Looking at you VB programmers.
trønderen wrote:
I know. "Because it would reduce performance"
Not in any way. So proven you don't know. The rest of your drivel I not gonna answer to. You entitled to your petty opinions, and that's why I'm paid more. Any other questions?
Bastard Programmer from Hell :suss: "If you just follow the bacon Eddy, wherever it leads you, then you won't have to think about politics." -- Some Bell.
-
trønderen wrote:
I am so old that I find the very idea of SQL injection completely crazy. Why would anyone even get close to the idea of passing SQL code ahead, without parsing it and consider it against authorization restrictions?
Because often there's none such restriction. Looking at you VB programmers.
trønderen wrote:
I know. "Because it would reduce performance"
Not in any way. So proven you don't know. The rest of your drivel I not gonna answer to. You entitled to your petty opinions, and that's why I'm paid more. Any other questions?
Bastard Programmer from Hell :suss: "If you just follow the bacon Eddy, wherever it leads you, then you won't have to think about politics." -- Some Bell.
-
Eddy Vluggen wrote:
The rest of your drivel I not gonna answer to. You entitled to your petty opinions, and that's why I'm paid more.
Fine. I'll keep your comment in mind when judging the quality of other utterings your make at CP.
trønderen wrote:
Fine. I'll keep your comment in mind
Do that.
trønderen wrote:
when judging the quality of other utterings your make at CP.
You not in any position to judge me. Go ahead. It's a free world.
Bastard Programmer from Hell :suss: "If you just follow the bacon Eddy, wherever it leads you, then you won't have to think about politics." -- Some Bell.
-
trønderen wrote:
Fine. I'll keep your comment in mind
Do that.
trønderen wrote:
when judging the quality of other utterings your make at CP.
You not in any position to judge me. Go ahead. It's a free world.
Bastard Programmer from Hell :suss: "If you just follow the bacon Eddy, wherever it leads you, then you won't have to think about politics." -- Some Bell.
Eddy Vluggen wrote:
You not in any position to judge me
If you are seriously suggesting that I am morally or professionally "obliged" to take your utterings at face value, with no critical evaluation, assessment or judgement, then your utterings are utterly without any trace of value. Certainly to me - and I think many others would agree. My comment was a response to your response, referring to my post as "drivel" and "petty opinions". That does not put you in any strong position to reject judging opinions about your posts. Feel free to declare yourself as inviolable, but don't expect the rest of the world to honor your wish.
-
Hi all hacking members I am new join
-
20212 wrote:
I don't think you understand your point then.
Not my problem, is it?
20212 wrote:
If all we told people is to use parameterized queries but did not explain why, the lesson would not be learned as well. Explaining how non-parameterized queries can allow someone to hack your db is magnitudes more valuable than just telling them to use parameters.
Again, thanks for proving my point :)
20212 wrote:
1. You can't prove that it's your real name.
I can, there's a photograph on here from me. Look it up. No, no record government linking me to that, I not that much of a fool.
20212 wrote:
2. You can't prove this is not my real name.
Easy, that's not even a legal name; you're not allowed to name children like that. I been a developer for over 20 years. Been concerned with security for the same time. We "know a bit" about the subject :)
Bastard Programmer from Hell :suss: "If you just follow the bacon Eddy, wherever it leads you, then you won't have to think about politics." -- Some Bell.
Eddy Vluggen wrote:
there's a photograph on here from me. Look it up.
You're a cat??!! :laugh: :laugh: A picture of a cat is not proof. You pretend to be scientific but don't even know how to prove something. Strange.
Eddy Vluggen wrote:
that's not even a legal name;
Ah yes, because you know the laws of every jurisdiction in this world. :laugh: :laugh: You do have a sense of humor. I like that. :thumbsup:
Eddy Vluggen wrote:
We "know a bit"
Do you have a mouse in your pocket? :laugh: :laugh:
-
Excellent when you are in Cairns we can have a game of golf, I'm only an average hacker though!
Never underestimate the power of human stupidity - RAH I'm old. I know stuff - JSOP
You're more a swinger than a hacker?
-
Eddy Vluggen wrote:
You not in any position to judge me
If you are seriously suggesting that I am morally or professionally "obliged" to take your utterings at face value, with no critical evaluation, assessment or judgement, then your utterings are utterly without any trace of value. Certainly to me - and I think many others would agree. My comment was a response to your response, referring to my post as "drivel" and "petty opinions". That does not put you in any strong position to reject judging opinions about your posts. Feel free to declare yourself as inviolable, but don't expect the rest of the world to honor your wish.
trønderen wrote:
If you are seriously suggesting that I am morally or professionally "obliged" to take your utterings at face value, with no critical evaluation, assessment or judgement, then your utterings are utterly without any trace of value. Certainly to me - and I think many others would agree.
No, of course not. You take them as they are, and do with it what you want.
trønderen wrote:
don't expect the rest of the world to honor your wish.
If you go "hacking", don't expect law to humor your wish about hats. :)
Bastard Programmer from Hell :suss: "If you just follow the bacon Eddy, wherever it leads you, then you won't have to think about politics." -- Some Bell.