@Dexter101x

Don't know why these types of videos exist, because nothing is 100% safe

@naehalmulazim

Recently the editing on this channel has gone through the roof in quality.
I wasn't ready for that face when you said 'innocent code' 😂
And the creepy music on top of it 😨

@discreaminant

Common lesson: never trust user inputs

@Hendika

Beautiful and simple explanation!

@zgglmc

What are you using for the code visualizations?

@effektgeraeteinfo

Very basic but important information. But not very useful if you don't present any possible solutions.

@RandomGeometryDashStuff

02:53 raw password sent to sql? no hashing?

@christopherg2347

I learned that servers should have a custom account with the absolute minimum rights possible.
Read access to the program and content directory. Maybe write rights to a temp directory inside of content, if you are feeling risky.
If that first one works, the code wasn't the only one that messed up.
The rest is xkcd 327, Exploits of a Mom.

@balex259

Never, never save raw data…😒

@thomaskilian3370

Hi! Nice Video! @4:17 the SQL query is different to what was shown previously? Like WHERE email='' OR password='' instead of AND?

@anon_y_mousse

Technically those are all the same flaw, trusting user input, but they do take place in different contexts, so it's fine. Every programmer should always be aware that if you're writing production code, don't trust user input at all. You can't trust users even a tenth as far as you can throw them.

@excelmaster2496

6:00 another security flaw, don't leak your own session token

@socratesutui4466

Simple and amazing!

@darylewalker6862

What do you know, it’s lil’ Bobby Tables.

@JulesKruijtzer

These videos are why I subbed 🎉

@thelost8203

Now how to avoid this?

@__christopher__

Of course storing the plaintext password in the database is a security blunder all by itself. So an SQL injection from the password field indicates you having more than one security flaw.

@bndrmrtn1859

no one skips prepared statements imo

@parlor3115

@6:00 I stole my own session token, yay *brain farts*

@Liz4rdMan

Nice video, please provide solutions next time