undefined | Better HN

0 pointspost-it1mo ago0 comments

> Maybe I'm just lucky that my colleagues all have Uni degrees in CS and at least a few years experience.

That's why. I was using Claude the other day to greenfield a side project and it wanted to do some important logic on the frontend that would have allowed unauthenticated users to write into my database.

It was easy to spot for me, because I've been writing software for years, and it only took a single prompt to fix. But a vibe coder wouldn't have caught it and hackers would've pwned their webapp.

0 comments

giancarlostoro1mo ago

You can also ask Claude to review all the code for security issues and code smells, you'd be surprised what it finds. We all write insecure code in our first pass through if we're too focused on getting the proof of concept worked out, security isnt always the very 1st thing coded, maybe its the very next thing, maybe it comes 10 changes later.

blibble1mo ago

> We all write insecure code in our first pass through

no, we don't

giancarlostoro1mo ago

Yes we do, you don't just start a brand new web project and spit out CORS rules, authentication schemes, roles, etc in one sitting do you? Are you an AI?

4 more replies

j / k navigate · click thread line to collapse

0 pointspost-it1mo ago0 comments

> Maybe I'm just lucky that my colleagues all have Uni degrees in CS and at least a few years experience.

It was easy to spot for me, because I've been writing software for years, and it only took a single prompt to fix. But a vibe coder wouldn't have caught it and hackers would've pwned their webapp.

0 comments

giancarlostoro1mo ago

blibble1mo ago

> We all write insecure code in our first pass through

no, we don't

giancarlostoro1mo ago

Yes we do, you don't just start a brand new web project and spit out CORS rules, authentication schemes, roles, etc in one sitting do you? Are you an AI?

4 more replies

j / k navigate · click thread line to collapse