Hacker News new | ask | show | jobs
by jacobwcarlson 3374 days ago
Assuming input is from a benign source is literally the cause every single security issue ever. It's bizarre that I've been downvoted for this. And you're commenting about how I'm wrong without even reading the code. I seriously don't understand this site.
2 comments
CJefferson 3374 days ago
I've read it, it's sloppy but fine.

The same user who feeds in the values for 'system' is also trusting the program with their bitcoins! This is (in my opinion) like saying "bash" is a security issue because you can give it bash scripts.

link
Steeeve 3374 days ago
I, for one, am astounded at the responses in this thread of discussion.

> why shouldn't my financial system be as open as bash?

Oh my lord...

link
xapata 3373 days ago
... but it ain't your financial system. Unless I've seriously misunderstood the README.

I put my cups in the dishwasher, not the autoclave. I use 2fa for my financial accounts, but not for my frisbee league. Security is about appropriate paranoia.

link
Steeeve 3373 days ago
In no scenario is it better to allow arbitrary hidden process creation than to spend 10 minutes writing a function that validates parameters provided to launch a process.
link
xapata 3373 days ago
I respectfully disagree.
link