logoalt Hacker News

pferdetoday at 8:50 AM1 replyview on HN

If it used one of the standard system APIs for looking up user accounts (e.g. getpwnam(3)), there's no way it can happen.

This is incredibly bad engineering, on level of a SQL injection, in 21st century. Something a highschool student experimenting with scripting could come up with, but not a supposedly professional software company.


Replies

bestoufftoday at 9:28 AM

Agreed.