• lowleveldata@programming.dev
    link
    fedilink
    arrow-up
    43
    arrow-down
    2
    ·
    8 months ago

    That’s what libraries are for. I’m no security expert and the sensible thing to do is using a library instead of taking a class.

      • gears
        link
        fedilink
        arrow-up
        7
        ·
        8 months ago

        Jesus that was one hell of a thread

      • unique_hemp@discuss.tchncs.de
        link
        fedilink
        arrow-up
        4
        ·
        8 months ago

        Love the part where he claims that if your users are authenticated, it’s not untrusted input. I mean, surely you trust all of your users to run any code on your server, right?

      • Gabu@lemmy.ml
        link
        fedilink
        arrow-up
        3
        ·
        8 months ago

        Impressive and unsurprising. As soon as you start getting complex libraries with multiple dependencies it becomes nearly impossible to review everything. At one time I had an interest in contributing to some AI libraries, but they’re a mess as soon as you go looking for points of improvement.