Closed rmallensb closed 4 years ago
Any thoughts on this thread?
Okay, @yubico, what the hell.
https://yubico.com/support/security-advisories/ysa-2020-01/
SQL injection. In a product by a security vendor. In 2020. And you fixed it with "data validation"?!?! Not prepared statements?!? Not even just escaping the params‽‽‽‽
This is downright criminally irresponsible code.