• surewhynotlem@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    1 month ago

    If that’s a pass through, that’s bad.

    If that’s used for authentication, authorization, credential limiting, or rate limiting, then sure.

    • sebsch@discuss.tchncs.de
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 month ago

      There is no context in this world validating this level of unsanitized SQL. Even for internal use this is bad, since it bypasses the auth of server and dbms.