I don't think the request object can be modified by the end user or that it is m... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

keen_poincare on May 11, 2023 | parent | context | favorite | on: Go with PHP

I don't think the request object can be modified by the end user or that it is modified by the server at that point. If my belief is correct, does this code still contain TOCTOU bugs?

VWWHFSfQ on May 11, 2023 [–]

It's the underlying state of the database that will change between these different checks. Not the end-user modifying the request object, which is in PHP memory

keen_poincare on May 15, 2023 | [–]

Thanks for explaining it.

Join us for AI Startup School this June 16-17 in San Francisco!
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact