Post A9AmGJW6MbhpGCOW5A by clonejo@social.troll.academy
Post #A9AmGJW6MbhpGCOW5A by clonejo@social.troll.academy
2021-07-08T17:08:35Z
0 likes, 0 repeats
I am again amazed how many people do not know about shell injection attacks[1] and the difference between running a command directly (e.g. `ProcessBuilder` in Java) and invoking a shell to run a command (often called `system()`). The problem is _exactly the same_ as SQL injections, yet everyone knows about SQL injections, and barely anyone about shell injections.

[1]: https://en.wikipedia.org/wiki/Code_injection#Shell_injection

#security #itsec
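The distinction the post draws, shown as an added example that is not part of the original post: the same user-controlled string handed once to a shell (the `system()` pattern), once as an argument vector (the `ProcessBuilder`/`execve` pattern), and once to a shell with quoting. It is written in Python's `subprocess` rather than Java or C, assumes a POSIX `/bin/sh` and an `echo` binary on `PATH`, and uses `echo` as a stand-in for any program that receives untrusted input as an argument. The "filename" is constructed for the demonstration.

```python
"""Shell injection vs. running a command directly, with Python's subprocess.

Added example, not from the original post. Assumes a POSIX /bin/sh (what
shell=True invokes) and an `echo` binary on PATH; `echo` stands in for any
program that is handed user-controlled input as an argument.
"""
import shlex
import subprocess

# Constructed attacker-controlled input: it looks like a filename but carries a
# second command after the ';' separator.
MALICIOUS_NAME = "report.txt; echo INJECTED"


def run_via_shell(name: str) -> str:
    """Vulnerable: builds a command line and hands it to the shell (like system()).

    The shell tokenizes the string, so ';', '|', '&&', '$(...)' and backticks
    inside `name` become shell syntax. This is the string-concatenated-SQL
    failure mode, just with /bin/sh as the interpreter.
    """
    completed = subprocess.run(
        f"echo {name}", shell=True, capture_output=True, text=True, check=True
    )
    return completed.stdout


def run_direct(name: str) -> str:
    """Not shell-injectable: no shell is involved (like ProcessBuilder/execve).

    The argument vector goes to the kernel as-is; `name` is one argv entry no
    matter which characters it contains. This is the analogue of a
    parameterized SQL query: data never re-enters a parser as code.
    """
    completed = subprocess.run(
        ["echo", name], shell=False, capture_output=True, text=True, check=True
    )
    return completed.stdout


def run_via_shell_quoted(name: str) -> str:
    """If a shell is unavoidable (pipes, globbing), quote every untrusted token.

    shlex.quote wraps the value in single quotes and escapes embedded ones, so
    the shell sees a single word. Treat this as the fallback: the argv form
    has nothing to get wrong.
    """
    completed = subprocess.run(
        f"echo {shlex.quote(name)}",
        shell=True, capture_output=True, text=True, check=True,
    )
    return completed.stdout


def injected(output: str) -> bool:
    """True when the attacker's second command actually executed."""
    return "INJECTED" in output.splitlines()


if __name__ == "__main__":
    print("shell=True, unquoted :", repr(run_via_shell(MALICIOUS_NAME)))
    print("argv list            :", repr(run_direct(MALICIOUS_NAME)))
    print("shell=True, quoted   :", repr(run_via_shell_quoted(MALICIOUS_NAME)))
```

The argv form removes the shell as an interpreter but does not validate the argument itself: a value beginning with `-` can still be read as an option by the target program, so programs that accept it should be invoked with `--` before untrusted arguments where they support it.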
Post #A9AmGK48K4vaxkJh7w by js@mstdn.io
2021-07-11T07:59:32Z
1 like, 0 repeats
@clonejo It’s especially bad with the memory-safe languages: “Oh, my language is safe, so nothing can happen and I don’t have to care.” We need to stop calling languages safe. Just because it is memory safe does not mean it is safe, and we must stress that. Otherwise people just ignore security.