Hi, My Name is '); DROP TABLE GuestBook; --
One of the units I’m doing this semester is Internet and Java Programming, albeit not by choice — it’s a required unit for the Computer Science major here. Whether that actually makes sense is a debate for another blog post, but today’s lecture and workshop featured some gems. In particular, I wanted to share these three slides:
Now, I’m no Java expert, but that looks like a big fat SQL injection vulnerability to me. If so, it’s good to know we’re teaching our graduates of the (near) future secure coding practices. For the record, the sole mention of prepared queries in the course appears to have been a throwaway line in last week’s JDBC lecture which didn’t mention why you might want to use them. Oh, and the textbook uses very similar examples too, and fails to mention any potential problems even in the chapter on security.
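For anyone who wants to see the difference rather than take my word for it, here is the contrast between string-concatenated SQL and a prepared (parameterised) query, using the payload from the title. This is an added example, not code from the slides, the textbook or the course: Python's sqlite3 module stands in for the JDBC code, the one-column GuestBook table and the sample rows are constructed here, and executescript() is used to mimic a driver that runs several statements in one call (which some JDBC drivers can be configured to do); the JDBC equivalent of the safe version is PreparedStatement with ? placeholders and setString().

```python
import sqlite3

# The payload from this post's title, used verbatim as a visitor's "name".
PAYLOAD = "'); DROP TABLE GuestBook; --"


def make_db():
    """In-memory database with a one-column guestbook (constructed sample data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE GuestBook (name TEXT)")
    conn.executemany("INSERT INTO GuestBook VALUES (?)", [("alice",), ("bob",)])
    return conn


def table_exists(conn, table):
    """True if the named table is still in the schema."""
    row = conn.execute(
        "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = ?", (table,)
    ).fetchone()
    return row is not None


def build_insert_unsafe(name):
    """The query text that '+'-style concatenation produces.

    The user's input is spliced into the SQL as-is, so a quote in the input
    closes the string literal and everything after it is parsed as SQL.
    """
    return "INSERT INTO GuestBook (name) VALUES ('" + name + "')"


def sign_unsafe(conn, name):
    """Vulnerable version: executes the concatenated text.

    executescript() stands in for a database driver that accepts a batch of
    statements in one call. (sqlite3's execute() refuses more than one
    statement, which is a property of this driver, not a defence in the code.)
    Returns whether the GuestBook table survived the call.
    """
    conn.executescript(build_insert_unsafe(name))
    return table_exists(conn, "GuestBook")


def sign_safe(conn, name):
    """Parameterised version: the name is bound as a value, never parsed as SQL.

    Quotes, semicolons and comment markers in the input are stored literally.
    Returns how many guestbook rows now carry exactly that name.
    """
    conn.execute("INSERT INTO GuestBook (name) VALUES (?)", (name,))
    return conn.execute(
        "SELECT COUNT(*) FROM GuestBook WHERE name = ?", (name,)
    ).fetchone()[0]


if __name__ == "__main__":
    print(build_insert_unsafe(PAYLOAD))
    # -> INSERT INTO GuestBook (name) VALUES (''); DROP TABLE GuestBook; --')
    db = make_db()
    print("table survives unsafe insert:", sign_unsafe(db, PAYLOAD))   # False
    db = make_db()
    print("rows with payload as name:", sign_safe(db, PAYLOAD))        # 1
    print("table survives safe insert:", table_exists(db, "GuestBook"))  # True
```

The printed query string shows the mechanism: the leading `')` closes the VALUES clause, the `;` ends the statement, and the trailing `--` comments out the `')` the application appended, so the text parses cleanly as two statements. The prepared version never builds that string at all, which is also why it copes with a legitimate name like Bob O'Brien without any escaping.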
It’s days like this I wonder why I tossed in a good job to finish my degree this year. 0.59 semesters to go.
(Slides © 2007 Edith Cowan University; fair dealing usage asserted under the criticism and review provisions of Australian copyright law.)