
It is only safe for the SQL server. An injection attack could still be targeting a cache (to poison it with e.g. a malicious script), the browser (to steal data via XSS/CSRF) or the user (show an error message telling them to contact a malicious number).
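
An added example (not from the thread) of the point above: a bound parameter keeps the database from ever parsing the input as SQL, but the same stored value is still live markup once it is echoed into a page, so the HTML context needs its own encoding. The sample input and table are constructed for the demo.

```python
import html
import sqlite3

# Constructed sample input: harmless to the database when bound as a
# parameter, but dangerous if echoed into an HTML page unescaped.
SAMPLE_NAME = "<script>alert(1)</script>"


def store_and_fetch(name: str) -> str:
    """Insert with a bound parameter and read the row back.

    The driver sends NAME as data, never as part of the SQL text, so the
    database stores it verbatim, angle brackets and all.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.execute("INSERT INTO users (name) VALUES (?)", (name,))
    (stored,) = conn.execute("SELECT name FROM users").fetchone()
    conn.close()
    return stored


def render_unsafe(stored: str) -> str:
    """The mistake the comment warns about: treating data that came
    through a safe query as safe for every later context."""
    return f"<p>Hello, {stored}</p>"


def render_safe(stored: str) -> str:
    """Encode for the HTML context at output time; whether the query
    was parameterized is irrelevant to this step."""
    return f"<p>Hello, {html.escape(stored, quote=True)}</p>"


def has_raw_script_tag(page: str) -> bool:
    """Crude check used to show the difference between the two renderers."""
    return "<script>" in page


if __name__ == "__main__":
    stored = store_and_fetch(SAMPLE_NAME)
    print(render_unsafe(stored))  # script tag survives intact
    print(render_safe(stored))    # script tag rendered as literal text
```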


What the person said

> "You can stick any user input into a database query and you'll be fine"

Besides which, pretend SQL Server is a glorified cache; the result is the same.