
A slight feeling of disappointment after reading this post (and the linked PDF). Partly because the 'attacks' listed are nothing new (we know eval() is evil), and partly because it's 2011 and people are still writing code like this.


"A slight feeling of disappointment... the 'attacks' listed are nothing new (we know eval() is evil), ... it's 2011 and people are still writing code like this."

I'm not sure I understand this line of thinking? As you say, people are still writing code like this -- why shouldn't these problems be called out?


I don't think he's disappointed that it's being called out; rather, he's disappointed that these things still happen.



