DEV Community

Discussion on: What are the worst security practices you've ever witnessed?

Brad • Edited

Using eval in Node.js to evaluate client-side input values. The original developer not only used eval when more sensible approaches existed, but turned off linting multiple times to be able to write it.

One of the few times I legit walked out of the room.


For those unaware, this basically meant the original developer jumped through a few hoops to open up the server to server-side code injection. Honestly, it couldn't have been much worse 😢
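
The pattern described in the comment above, next to a hardened form, as an added example that is not the commenter's or the original developer's code. It assumes the client submits JSON-style values as text; the function names, the length limit and the sample input are hypothetical.

```javascript
'use strict';

// Pattern from the comment: a client-supplied value is executed as code.
function parseValueUnsafe(text) {
  // eslint-disable-next-line no-eval -- the kind of lint override the comment mentions
  return eval('(' + text + ')');
}

const MAX_LEN = 1024; // assumed upper bound for a single submitted value

// Hardened form: JSON.parse only builds data and never executes the input.
function parseValueSafe(text) {
  if (typeof text !== 'string' || text.length > MAX_LEN) {
    return { ok: false, error: 'invalid input' };
  }
  try {
    const value = JSON.parse(text, (key, v) =>
      // Drop keys that could poison prototypes in a later object merge.
      key === '__proto__' ? undefined : v
    );
    return { ok: true, value };
  } catch {
    return { ok: false, error: 'not valid JSON' };
  }
}

// Runs one constructed input through both parsers and reports what happened.
function demo() {
  // Constructed sample: harmless, but it is a statement rather than data.
  const constructed = '(globalThis.ranOnServer = true, 42)';
  delete globalThis.ranOnServer;
  const unsafeValue = parseValueUnsafe(constructed);
  const sideEffectRan = globalThis.ranOnServer === true;
  delete globalThis.ranOnServer;
  return { unsafeValue, sideEffectRan, safe: parseValueSafe(constructed) };
}

console.log(demo());
console.log(parseValueSafe('{"qty": 3, "tags": ["a", "b"]}'));
```

The `no-eval` lint rule exists to catch the first function at review time; keeping it enabled in CI is the cheap control here.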