• 1 Post
  • 114 Comments
Joined 6 months ago
Cake day: August 6th, 2024



  • SQL injection is like this: you have something you can interact with on the browser like a form containing different values.

    You hit a button and that value is sent and merged into a SQL query.

    Say the value is a user ID and you’re deleting an account, perhaps your own.

    If the coder is incompetent the API will run this query: “DELETE FROM USERS WHERE ID = <id in form>”

    Which means that if you open the developer console and change the value field for that HTML ID, you can break that SQL line and write more SQL, or you can delete other users based on their ID.

    Essentially, editing a frontend input allows that input to be run directly by the SQL engine. It’s like having full access.

    So through that ID field you can inject more SQL code. There are multiple ways to do this; sometimes the URL itself on a website uses query parameters like “&search=something” and the “something” is injected into the SQL string.

    SQL injection is baby’s first exploit, this method is like granting everyone DB access.
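    As an added example (not part of the comment above or of any project it mentions), here is the pattern the comment describes in Python with sqlite3, using a constructed in-memory `users` table: the query built by string formatting runs whatever the form field contains as SQL, while a parameterized query hands the form value to the driver as data, so a crafted value matches nothing instead of widening the WHERE clause. The function and table names are assumptions for the example.

```python
import sqlite3

# Constructed sample data: three accounts in an in-memory database.
SAMPLE_USERS = [(1, "alice"), (2, "bob"), (3, "carol")]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def delete_user_vulnerable(conn, form_value):
    """Merge the form field straight into the SQL text (the pattern the
    comment describes). Returns the number of rows deleted."""
    cur = conn.execute(f"DELETE FROM users WHERE id = {form_value}")
    conn.commit()
    return cur.rowcount


def delete_user_safe(conn, form_value):
    """Same operation with a bound parameter: the driver sends the value
    separately from the statement text, so it is compared as data and never
    parsed as SQL. Returns the number of rows deleted."""
    cur = conn.execute("DELETE FROM users WHERE id = ?", (form_value,))
    conn.commit()
    return cur.rowcount


def delete_user_validated(conn, form_value):
    """Defence in depth: reject anything that is not an integer before the
    query runs, and still bind the value as a parameter."""
    try:
        user_id = int(form_value)
    except ValueError:
        raise ValueError(f"rejected non-numeric user id: {form_value!r}")
    cur = conn.execute("DELETE FROM users WHERE id = ?", (user_id,))
    conn.commit()
    return cur.rowcount


def remaining(conn):
    """Rows still in the table, to check what each variant actually did."""
    return conn.execute("SELECT COUNT(*) FROM users").fetchone()[0]


if __name__ == "__main__":
    crafted = "3 OR 1=1"  # a form value that widens the WHERE clause
    print("string-built query deleted", delete_user_vulnerable(make_db(), crafted))
    print("parameterized query deleted", delete_user_safe(make_db(), crafted))
```

    With the parameterized query the crafted value is compared against the integer `id` column as text, matches no row and deletes nothing; the validated variant rejects it before any SQL runs.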


  • _____@lemm.ee to linuxmemes@lemmy.world · It broke again · 1 upvote · 3 days ago

    My piece of advice if you have 2 drives, and this goes for any OS, not just Linux:

    1. A drive for your OS.
    2. A drive purely for storage. Never store anything on the first drive except user-installed programs or updates.

    That way you can wipe the first drive whenever you run into anything, or whenever you want to change anything, without being worried about losing data.

    Make sure your browser is using a password manager so stored passwords don’t vanish.




  • _____@lemm.ee to linuxmemes@lemmy.world · It broke again · 2 upvotes · 4 days ago

    A mistake people make very often is to conflate the distro with a “look” or “theme” to the UI, and it’s not their fault.

    Distros bundle a desktop environment which contains many applications used to navigate the computer graphically, with things like “file managers” such as Windows Explorer, for example.

    A DE can bundle lots of programs or very few, and these programs differ in looks and functionality. Not only that, but these programs can be installed / uninstalled regardless of what distro you’re using.

    In short: the distro doesn’t affect the DE, but most distros bundle a DE based on things like philosophy, functionality or maybe just looks.

    There are many DEs, which is why I suggested installing CachyOS: part of the installation shows you the options, so you can try them out, re-wipe the drive, and try out another one in less than 3 minutes. So it’s the perfect sandbox environment to try new things. I guess you can use VMs as well, not sure how well CachyOS works in a VM.


    As a personal note on DEs: when I first used Linux about 5 years ago I used KDE Plasma because I thought it was the most Windows-like. But I had many issues with KDE; chances are if you use your search engine you’ll see similar complaints about it which I likely share.

    5 years on, my favourite DE is basically Sway and a file manager like Nautilus. Sway has Swaybar as a status bar and that’s really all I need.

    Not sure if Sway counts as a DE though, I think it’s a window manager first and foremost.


  • _____@lemm.ee to Programmer Humor@lemmy.ml · Errors · 2 upvotes · edited · 22 days ago

    That’s IIS as well. I think it’s because we had our servers configured behind a reverse proxy, and hitting IIS and failing before the HTTP server had returned a response caused the 502 error, a completely useless error.

    (not very experienced with server configs so forgive me if the language isn’t 100%)