loading...

Discussion on: What are the worst security practices you've ever witnessed?

Collapse
tchaflich profile image
Thomas C. Haflich

Once found someone sending a SQL query from JavaScript to an API for execution on the server. Yes, they wrote the query on the frontend.

(Yes, I did try to do a little poking around, but not enough to mess with anything! And yeah, you could do whatever queries you wanted. Nothing was escaped, either.)