“framework”, found your problem. Frameworks save time by ignoring how code works. Folks taught upon a Framework have no real idea what its produced code does.
All observations support it. All reviewed generated bloatware supports it. I’ll stand by my, assumptions, until there is any direct evidence against them discovered.
Typically the security conscious webdev still needs to define an API to their database. It’s bad practice to let users hit the DB directly.
Now, if you hack the API then sure you can start hacking the database, but first you have to hack the API to the database which raises the costs of cyberwar
These days you have to actively work against whatever framework you are using to get SQL injection to work.
“framework”, found your problem. Frameworks save time by ignoring how code works. Folks taught upon a Framework have no real idea what its produced code does.
A whole lot of assumptions there, buddy.
All observations support it. All reviewed generated bloatware supports it. I’ll stand by my, assumptions, until there is any direct evidence against them discovered.
Okay, just spare us from your opinions.
no
Typically the security conscious webdev still needs to define an API to their database. It’s bad practice to let users hit the DB directly.
Now, if you hack the API then sure you can start hacking the database, but first you have to hack the API to the database which raises the costs of cyberwar