SQL Injection (image)
Posted by HiddenLayer555@lemmy.ml to Programmer Humor@programming.dev · English · 3 months ago · 18 comments
Cross-posted to: programmerhumor@lemmy.ml, programmerhumor@lemmy.world
CanadaPlus · 3 months ago: So does that imply they already knew the candidate they were hiring, and were just checking if this is the guy?

HiddenLayer555@lemmy.ml (OP) · 3 months ago: IDK I didn’t think that much into it lol

ulterno@programming.dev · 2 months ago: Yeah, this seems like an exploit for those cases.

MadhuGururajan@programming.dev · 2 months ago: No, the interviewer is a personification of the naive backend that checks only that a specific row is present in the DB, or that’s how I read it.

CanadaPlus · 2 months ago: So I guess the interview is handled by a non-vulnerable intermediate process, which adds the hire to the main table of employees at some point in a successful interview, and then calls a notification process that just searches it?

MadhuGururajan@programming.dev · 2 months ago: yeah something like “if new candidate in employee DB == hired”