If spammers can abuse something, they gonna abuse it

  • ComradeKhoumrag@infosec.pub
    link
    fedilink
    arrow-up
    7
    arrow-down
    1
    ·
    10 months ago

    Typically the security conscious webdev still needs to define an API to their database. It’s bad practice to let users hit the DB directly.

    Now, if you hack the API then sure you can start hacking the database, but first you have to hack the API to the database which raises the costs of cyberwar