These AI security flaws may be impossible to fix • Graham Cluley

And the way you resolve injection is twofold. So the first thing is to validate all the inputs. So, I don’t mean for you to vomit. I mean, you know, if you have to get a date, you check that it’s a date, you check that it’s in a range, you check the type, you check the format, you check everything about it. And if something is off, “No thanks, try again.” Then, if everything is as it should be, you can escape or clean up the special characters, which can be dangerous. So, if for example you need to accept the word O’Malley, which has a single quote in it, you accept it and then either remove it, or, for me, I always escape it. So you put a backslash in front.

And then the second part would be, if you do any kind of query language, run it through a stored procedure or a prepared statement. And what that means is that you pass it as a parameter, which marks it as data. It says directly, this is data. It can only be treated as data. And then you hand it to SQL Server, you know, NoSQL, Mongo, whatever you’re using. And it gets it and says, “I understand this is data only.” And it does a lot of magic there, which escapes the most elusive things. Then it runs the thing.

So with prompt injection, this is something that the whole industry has perfected; they are working hard on it. And so I was looking at some of the protections, because they actually change over and over again; every month there’s new stuff. And so they do some of that. So they’re going to do things where they categorize the data, so there are clear signals when the AI gets it: “These are instructions from the user. This can only be context, and these must follow the rules, and you cannot escape from them.” And there are many different ways they show that. Also, it sounds weird, but some of them will actually insert an odd character between each word of what the user entered. And then if that character isn’t there, you know this is invalid, injected.

But there is also sandboxing. So you take it and put it in a special place where you say, “It can be dangerous here, and we know it will be here.” And then there’s also, so they call it privilege reduction, but what I would say is least privilege. And then, you know, do you give every single person where you work in a large secure building a key to every room? You probably don’t, right? They probably don’t have a key to the CEO’s private office. So, just give it access to the things it really needs. Should it have read/write access to all databases? It probably shouldn’t.

Another thing they talk about is the human in the loop. So, getting someone to review and approve things. But guess how well that works, Graham? Yes. Can you review 5 billion requests per day in practice, where 99.999% of them are correct and they all look the same? Yes. Do you want that person’s job? I don’t want to.
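The two-step defence described for classic injection (validate the input first, then hand it to the database as a bound parameter) as an added Python example; this is not code from the podcast or its guest, and it uses an in-memory SQLite database with constructed sample rows and an assumed date range purely for illustration. It shows the O’Malley case from the conversation: string concatenation lets the apostrophe be parsed as SQL and breaks the statement, while a prepared statement treats the same value as data only.

```python
import re
import sqlite3
from datetime import date

# Constructed sample data for the demo; nothing here comes from the podcast.
SAMPLE_USERS = [("O'Malley", "2023-05-01"), ("Smith", "2024-01-15"), ("Admin", "2020-02-02")]

def make_db():
    """Create an in-memory SQLite database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, joined TEXT)")
    conn.executemany("INSERT INTO users (name, joined) VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn

# --- Step 1: validate the input (type, format, range) and reject anything else ---
EARLIEST, LATEST = date(2000, 1, 1), date(2030, 12, 31)  # assumed business range

def validate_since(value):
    """Return the value if it is a YYYY-MM-DD string inside the allowed range, else raise."""
    if not isinstance(value, str) or not re.fullmatch(r"\d{4}-\d{2}-\d{2}", value):
        raise ValueError("No thanks, try again: expected YYYY-MM-DD")
    d = date.fromisoformat(value)  # rejects impossible dates such as 2024-13-40
    if not EARLIEST <= d <= LATEST:
        raise ValueError("No thanks, try again: date out of range")
    return value

def accepts_since(value):
    """True if validate_since() lets the value through."""
    try:
        validate_since(value)
        return True
    except ValueError:
        return False

# --- Step 2: hand the value to the database as a bound parameter, never as SQL text ---
def find_by_name_concatenated(conn, name):
    """Builds the statement by string concatenation, so the name is parsed as SQL.
    Kept only to show the failure mode: the apostrophe in O'Malley ends the string literal."""
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]

def concatenation_breaks_on(conn, name):
    """True if the concatenated query fails to parse for this name."""
    try:
        find_by_name_concatenated(conn, name)
        return False
    except sqlite3.Error:
        return True

def find_by_name(conn, name):
    """Prepared statement: the name travels as a parameter, so the engine treats it as data only.
    No manual escaping is needed; the apostrophe in O'Malley is just another character."""
    return [row[0] for row in conn.execute("SELECT name FROM users WHERE name = ?", (name,))]

def users_joined_after(conn, since):
    """Both steps together: validate the date, then bind it."""
    since = validate_since(since)
    rows = conn.execute("SELECT name FROM users WHERE joined > ? ORDER BY name", (since,))
    return [row[0] for row in rows]

if __name__ == "__main__":
    db = make_db()
    print(find_by_name(db, "O'Malley"))             # ['O'Malley']
    print(concatenation_breaks_on(db, "O'Malley"))  # True
    print(users_joined_after(db, "2023-01-01"))     # ['O'Malley', 'Smith']
    print(accepts_since("2024-13-40"))              # False
```

The validation step is deliberately strict about shape and range rather than trying to enumerate bad characters, and the query step relies on the driver's parameter binding instead of hand-written escaping; the concatenated variant exists only so the difference is visible on the same input.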