This discussion has been archived.
No new comments can be posted.
by hcs_$reboot ( 1536101 ) writes:
That's not the same web devs making those same mistakes. Developers with some experience do not write code that fails against easy sql-injection. But companies prefer to hire younger inexperienced devs for the reasons that have been discussed here on /. many times.
by cardpuncher ( 713057 ) writes:
More to the point, why should these serious "mistakes" be possible at all?
If these errors keep occurring, you have to stop blaming the web developers and start blaming the technology. There is no good reason that cross-site scripting or session hacking should even be possible. It's a mad idea to turn user input into a human-readable SQL command string when no human needs to read it.
The problem is that we started off with insecure shoddy hacks and there has been a whole slew of incremental mitigations, no
by david_thornley ( 598059 ) writes:
The mistakes are possible because they aren't always mistakes.
How do you prevent SQL injection? Putting user input into other strings is a reasonable thing to do. Passing a string to the database is a reasonable thing to do. It would be a pain to use parameterized SQL for everything, and I don't know of a database that does.
There are ways to sanitize a user-entered string so it can't be used for cross-site scripting. Make that mandatory for using user-entered strings and you'll break some other stuff.
Most of the common errors have solutions that require a certain amount of judgment.
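An added example, not part of any comment above: the thread's contrast between building an SQL command string from user input and using parameterized SQL, written with Python's sqlite3. The table, column names and inputs are constructed for illustration, and the example goes one step beyond the thread by also handling a sort column, which cannot be bound as a parameter and is picked from an allowlist instead.

```python
import sqlite3

# Constructed sample data; table and column names are assumptions for this example.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, email TEXT, is_admin INTEGER)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "alice@example.test", 1),
         ("bob", "bob@example.test", 0),
         ("carol", "carol@example.test", 0)],
    )
    return db

def find_user_concat(db, name):
    """'Before' form: the input becomes part of the SQL text the database parses."""
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in db.execute(sql)]

def find_user_bound(db, name):
    """Parameterized form: the value is bound separately and never parsed as SQL."""
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in db.execute(sql, (name,))]

# Identifiers (column names, sort direction) cannot be bound as parameters,
# so they are selected from a fixed allowlist rather than copied from input.
SORTABLE = {"name": "name", "email": "email"}

def list_users(db, sort_by="name", descending=False):
    column = SORTABLE.get(sort_by)
    if column is None:
        raise ValueError("unsupported sort column: %r" % (sort_by,))
    direction = "DESC" if descending else "ASC"
    sql = ("SELECT name FROM users WHERE is_admin = ? ORDER BY "
           + column + " " + direction)
    return [row[0] for row in db.execute(sql, (0,))]

if __name__ == "__main__":
    db = make_db()
    hostile = "x' OR '1'='1"  # constructed input containing a quote
    print("concatenated:", find_user_concat(db, hostile))
    print("bound:       ", find_user_bound(db, hostile))
    print("sorted:      ", list_users(db, "email", descending=True))
```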