> You're right of course, but I think the idea of this software is that the user (and, by extension, their input) are trusted.

No, you should enforce the most basic security practices even if the users are "trusted". Somebody might put that on the internet for a demo for a client and get hacked in no time, because the code is open to SQL injection. This isn't acceptable. There are minimum security standards every project should follow.
And since none of the minimum security standards are implemented in that project, I would not recommend using it until they are.