This may sound obvious to you, but it isn't. Developers commit code which they neither understand nor question. Maybe it worked in the first place. Maybe it will break something else. Either way, it creates the base for technical debt, bugs, security vulnerabilities, and even worse: developers who do not grow.

This problem was surely not created by AI, but the rapid adoption of it is amplifying those effects.

Some years ago when I built the software for an online ticketing platform, we wanted to have turnstiles which can be used to improve the pass through rate of the ticket scanning process at larger events.

We found a fitting product and the seller promised us that the controller of the turnstile can easily be integrated into our local on-site application. Of course it was not as easy as promised. We only received a DLL as an SDK for C++ for the protocol called LL268 and a demo application. So how to integrate this turnstile into our software?

Well, eventually I was able to reverse engineer the core functionality of the API so we were able to use it for our purpose. Since the product is not used any longer, I can finally write about it.

Although authorization sounds similar to authentication and a relationship between the two exists, they are not the same and play a different role in the data security process.

In 2021, Broken Access Control moved up from the fifth to the first position in the OWASP Top10. Besides, I did report some serious vulnerabilities to SaaS companies regarding unhandled authorization in the last months.

That's why it is important to know the difference between the two and what else to take care of to protect resources and information from being read or altered by third parties which should be prevented from doing so in order to secure web applications.

MySQL has supported Full-Text Search (FTS) functionality for quite some time. The (FTS) capability was already introduced in MySQL version 3.23.23, which was released in September 2001, and yet I have never used it - until now.