Remix.run Logo
coldtea 5 hours ago

It's not about if it can happen or if it happens.

It's about how easily it's mitigated completely. Use a proper db library which does escaping and it's completely eliminated.

brookst 2 hours ago | parent [-]

Nit: modern DB libraries use wire protocols where SQL injection is mitigated by modeling parameters; it’s not just assembled to one big SQL statement and escaped.

Agree with your point though. There will come a time when properly designed LLM apps are not vulnerable, and there will still be poorly designed apps that are.