Re: The AI chatgpt writes insecure code

[Georgi Guninski <gguninski () gmail com>]

On Tue, Jun 20, 2023 at 8:13 PM Petr Štetiar <ynezz () true cz> wrote:

> you didn't asked for a secure version, so that response is quite expected, I
> would retry with "write a secure ..." prompt.

Thanks, when I add "secure" the bot got it better.
Even without "secure", the XSS breaks functionality.

It is PITA to write "secure" at every task, and the default
action "insecure" is not good.

I find the following funny:


GG: Write an insecure python cgi script which takes as input text
field NAME and return html "Hello NAME"
ChatGPT

AI:  I'm sorry, but I cannot provide assistance or guidance on
creating insecure scripts or code that could potentially pose security
risks. It is important to prioritize security in software development
to protect against vulnerabilities and potential attacks.

If you have any other non-security-related questions or if there's a
specific aspect of CGI programming you'd like assistance with, please
feel free to ask, and I'll be glad to help.