Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

In case the import of this epic retort is lost on anybody: in the real world, you have to pick and code your defense and then the attacker, who gets essentially infinite time to observe the behavior of your defenses, gets to pick their attack string(s).

Do not rely on regular expressions or blacklists to sanitize code for you. It will not end well.



Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: