Love the part where he claims that if your users are authenticated, it’s not untrusted input. I mean, surely you trust all of your users to run any code on your server, right?
My best guess is it’s a play at the usual “all you do in python is import libraries without knowing how they work lololol” dig but yeah, I don’t find it particularly funny either
How is this funny? 8 Upvotes at current writing???
It’s kind of funny because it looks like it is nonsense dreamt up by a non-programmer. But it actually works.
I thought it was poking fun at the tutorial saying instead of learning to code, import a library from someone who knows how to code.
That’s what libraries are for. I’m no security expert and the sensible thing to do is to use a library instead of taking a class.
Counterpoint: “not knowing your libraries” + “blind trust in the maintainer” will give you stuff like this: https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in
(the thread itself is worth a read. But also very impressive is the list of big players who fell for exactly this mentality)
It’s basically import antigravity
Because this example isn’t really programming, it’s just calling an existing library. Which is the big joke about Python.