MAJOR SECURITY BUG: Possibly Vulnerable to SQL Injections

Not fully vulnerable; If the credentials do not match, it only returns the print statement "Failure". However, if it says something like `print("Wrong password for ", myresult)` for line 167 in main.py, then we have a **big** problem; it will return the account id, username, and hashed password, along with the salt. 

How to replicate this (if the else statement returns something other than "Failure"): 
- run main.py
- Replicate:
![image](https://user-images.githubusercontent.com/70982928/102427002-71d4e780-3fde-11eb-8386-94ab16d5a746.png)
![image](https://user-images.githubusercontent.com/70982928/102427034-81ecc700-3fde-11eb-8e00-9d2491e3e4a9.png)  + hashed password & salt (both not included for security purposes) 

## Again, this is not a **real** threat, however, random apostrophes crash the program. 

Video on how to prevent SQL injection here: https://youtu.be/pd-0G0MigUA?t=898 
###### Credit to: Corey Schafer

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

MAJOR SECURITY BUG: Possibly Vulnerable to SQL Injections #7

Again, this is not a real threat, however, random apostrophes crash the program.

Credit to: Corey Schafer

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

MAJOR SECURITY BUG: Possibly Vulnerable to SQL Injections #7

Description

Again, this is not a real threat, however, random apostrophes crash the program.

Credit to: Corey Schafer

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions