CS257 Software Design
Friday, 11 November 2022

+ Usability
    - Goal-oriented design
    - Orchestration
    - Excise
    - User testing
    - Usability as common courtesy

+ Security
    - SQL injection
    - config.py as an example
    - GitHub & user credentials in repositories
    - default passwords on IoT devices
    - the "security mindset"
        today's news: Twitter's blue check

+ What else is on your mind?


# Placeholders: the values are passed separately from the SQL text
query = '''
    SELECT ... %s ... %s ...
'''
cursor.execute(query, (user_name, user_name))
print(cursor.query)  # show the query that was sent, with the values filled in

# Wildcard search with a placeholder; %% is a literal % when parameters are passed
query = '''
    SELECT ...
    WHERE something ILIKE CONCAT('%%', %s, '%%')
'''

query = '''
    SELECT ...
    WHERE something ILIKE '%%%s%%'
'''

query = f'''
    SELECT ...
    WHERE something ILIKE '%{search_text}%'
'''
# vulnerable to SQL injection
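
The contrast between the placeholder queries and the f-string query above, as an added example that is not part of the original lecture notes. It swaps in Python's built-in sqlite3 (`?` placeholders, `LIKE`, `||`) for the `%s` / `ILIKE` / `CONCAT` style shown above so it runs without a database server; the table, rows and function names are constructed for illustration.

```python
import sqlite3

# Constructed sample data; table and column names are hypothetical.
ROWS = [("alice", "Alice O'Brien"), ("bob", "Bob Stone"), ("carol", "Carol 100% Real")]

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (user_name TEXT, full_name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", ROWS)
    return conn

def search_vulnerable(conn, search_text):
    # Same shape as the f-string query: the input becomes part of the SQL text,
    # so a quote in it ends the string literal and the rest is parsed as SQL.
    query = f"SELECT user_name FROM users WHERE full_name LIKE '%{search_text}%'"
    return [r[0] for r in conn.execute(query)]

def escape_like(text, esc="\\"):
    # Make %, _ and the escape character itself match literally in a LIKE pattern.
    # The escape character must be handled first.
    for ch in (esc, "%", "_"):
        text = text.replace(ch, esc + ch)
    return text

def search_safe(conn, search_text):
    # The wildcards live in the SQL; the user text is bound as one value.
    query = ("SELECT user_name FROM users "
             "WHERE full_name LIKE '%' || ? || '%' ESCAPE '\\'")
    return [r[0] for r in conn.execute(query, (escape_like(search_text),))]

if __name__ == "__main__":
    conn = make_db()
    # Constructed inputs: a normal search, a name with a quote, a bare
    # wildcard, and text that rewrites the WHERE clause when interpolated.
    for text in ["stone", "O'Brien", "%", "zzz' OR 1=1 --"]:
        try:
            unsafe = search_vulnerable(conn, text)
        except sqlite3.Error as exc:
            unsafe = f"error: {exc}"
        print(f"{text!r}: f-string -> {unsafe}; placeholder -> {search_safe(conn, text)}")
```

Binding the value removes the injection; escaping `%` and `_` is a separate step that keeps user-typed wildcards from matching every row.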