
@ NodlAndHodl
2025-05-01 02:26:46
But to be fair, the argument is much more nuanced. I've worked in some legacy code bases that were poorly implemented, and SQLi attacks would have been likely if publicly exposed. Most of it was internal systems, so the chance was much lower, but still. The use of modern ORMs and sanitizers makes it less likely, but still feasible if poorly implemented. That goes for NoSQL as well. I agree with nostr:nprofile1qqsza7flq8xjfylqgg66dwrmzrfuff6w9flt0s72795zdrm27ue3fdgpz3mhxue69uhkgetnvd5x7mmvd9hxwtn4wvq3vamnwvaz7tmzd96xxmmfdejhytnnda3kjctvqy28wumn8ghj7un9d3shjtnyv9kh2uewd9hst2kvsc that datastores are a detail and not the end-all, be-all. Design of data access is difficult to get right, and most tutorials online are why it's done like shit.
https://softwareengineering.stackexchange.com/questions/366572/what-does-robert-c-martin-mean-by-sql-being-unnecessary