by Dylan16807
454 days ago
> But there's a vast difference in attack surface between that, and "just give us a string, don't worry we'll sanitize it on our end."

If you have a type system that distinguishes between sanitized and unsanitized strings then it's not a very big difference in attack surface. The main difference between the two methods is the risk that you can forget to sanitize. But that's not what happened here, so calling them dumb for having that risk is not a useful way to analyze the problem. Parameters are not an extra layer of defense. For anything other than forgetting to sanitize, parameters are a sidegrade, not defense in depth.