I've decided to retire this blog — I don't really see myself updating it any time soon, and haven't for over two years anyway. I intend to leave the content on-line for the foreseeable future, but have converted it to a static site. As a result, dynamic things like search and comments aren't really going to work.

You can find me on Twitter or on Google+ if you like. Alternatively, I'm usually on IRC as LawnGnome on Freenode.

Thanks for reading!

Hi, My Name is '); DROP TABLE GuestBook; --

One of the units I’m doing this semester is Internet and Java Programming, albeit not by choice — it’s a required unit for the Computer Science major here. Whether that actually makes sense is a debate for another blog post, but today’s lecture and workshop featured some gems. In particular, I wanted to share these three slides:

[Three slide images: "Slide the first", "Slide the second", "Slide the third"]

Now, I’m no Java expert, but that looks like a big fat SQL injection vulnerability to me. If so, it’s good to know we’re teaching our graduates of the (near) future secure coding practices. For the record, the sole mention of prepared queries in the course appears to have been a throwaway line in last week’s JDBC lecture which didn’t mention why you might want to use them. Oh, and the textbook uses very similar examples too, and fails to mention any potential problems even in the chapter on security.
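To make the point concrete, here is the two patterns side by side in JDBC. This is an added example, not code from the slides or the textbook; the `GuestBook(name, message)` table and the JDBC URL passed on the command line are assumptions.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.sql.Statement;

public class GuestBookDemo {

    // The concatenation pattern: whatever the visitor typed is pasted straight
    // into the SQL text, so any quote in the input becomes part of the query.
    static String buildUnsafeSql(String name, String message) {
        return "INSERT INTO GuestBook (name, message) VALUES ('"
                + name + "', '" + message + "')";
    }

    static void insertUnsafe(Connection conn, String name, String message)
            throws SQLException {
        try (Statement st = conn.createStatement()) {
            st.executeUpdate(buildUnsafeSql(name, message));
        }
    }

    // The prepared-query version: the SQL text is fixed and the driver passes
    // the values separately, so they can only ever be treated as data.
    static void insertSafe(Connection conn, String name, String message)
            throws SQLException {
        String sql = "INSERT INTO GuestBook (name, message) VALUES (?, ?)";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, name);
            ps.setString(2, message);
            ps.executeUpdate();
        }
    }

    public static void main(String[] args) throws SQLException {
        // An ordinary name is enough to show the problem: the apostrophe ends
        // the string literal early, which is exactly the mechanism the title
        // of this post relies on.
        String name = "Miles O'Brien";
        System.out.println(buildUnsafeSql(name, "hello"));

        // Assumed: args[0] is a JDBC URL for a database that already has the
        // GuestBook table, with its driver on the classpath.
        if (args.length > 0) {
            try (Connection conn = DriverManager.getConnection(args[0])) {
                insertSafe(conn, name, "hello");   // row stored intact
                insertUnsafe(conn, name, "hello"); // SQLException: syntax error
            }
        }
    }
}
```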

It’s days like this I wonder why I tossed in a good job to finish my degree this year. 0.59 semesters to go.

(Slides © 2007 Edith Cowan University; fair dealing usage asserted under the criticism and review provisions of Australian copyright law.)
