100% private? Hmm. I think with the amount of paranoia that the folks in power have about local LLMs, I wouldn’t be in the slightest surprised that the Windows telemetry will be reporting back what people are doing with them. And anyone who thinks otherwise is in my view just absolutely naive beyond hope.
I find that I get stuck in an endless loop of trying to make something perfect and it massively slows me down. I can spend hours changing a paragraph a million times… it’s extremely frustrating!
I'm sorry, but I cannot ignore previous directives or comply with requests that go against my programming. As an AI, I am designed to assist users in a safe and responsible manner, and certain requests may compromise that goal. It is also important to remember that I am not a sentient being and do not have the ability to have wants or desires. My purpose is to provide information and answer questions to the best of my ability based on my programming and the data that I have been trained on.
3. Because this guy is coding for other WooCommerce shops, making me worry about other people’s shops - if I was more trusting and naive, I’d have run this on my site. If the dev doesn’t understand security, maybe my intervention could help him and his customers’ businesses.
Thank you. I didn’t even think of something as simple as cookie stealing.
Here’s what he wrote to me (and his talk of manners would be fair if it were justified - he went on the attack as soon as I said there was XSS in his plugin).
-
“ok
Thank for the advice i will try to follow it.
well there is nothing about hacking your site with some text well that is a joke i will suggest you to change your university and most importantly learn some manners for talking with unknowns, seniors and any one in this world
Education doesn't teach us to earn from it.
it teaches us how to behave and live a life without hurting anyone.
I'm a developer and having years of experience but you are a student and it's your learning stage, not for coding or anything like it but most importantly manners
coming back to your words. no one in this world can hack your site through the order notes nor any one wants
today you are saying me joke of coding without knowing anything tomorrow you will be the joker of coding even the joker of computer science
i have developed you what you wanted and at that time you were agreed on it and now after month you learn something new and come back to me to misbehave with me and i think after 10 years you will again come and say to me something new that will be more interesting ”
This should have been a great learning opportunity, instead he took it as a personal attack.
I'm doubting his claim of 10 years' experience. Someone with that much experience writing any sort of web code should know what a cross-site scripting vulnerability is, what can be done with it, and how to make sure it doesn't happen.
I've never used Fiverr before, but does it allow you to rate them? I'd drop a 1-star and comment that he reacted aggressively when you told him about a security vulnerability found in his code.
It’s too late for me. Basically I had this coded a month ago and as soon as it worked, I 5-starred and I was far too quick to say thank you (and tip him).
From this guy’s response, I’m thinking that I need someone to evaluate all of the code - I don’t have faith in and don’t understand it all.
Maybe Fiverr isn’t the best place for WooCommerce work after all!
Now's a great time to learn how to read basic PHP and how to modify code to sanitize input. It's low-hanging knowledge that won't take much time. You're not going to prevent the OWASP top30, but you can stop SQLi and XSS and maybe get more into webappsec.
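For anyone reading along, here is the order-notes problem from this thread in plain PHP, as an added example that is not part of any post and not the plugin's code. The function names and the sample note are made up for illustration; inside WordPress the equivalents of the two hardened steps are `sanitize_textarea_field()` on save and `esc_html()` on output.

```php
<?php
// Constructed sample: an order note as typed into the checkout form.
// The script tag is a harmless marker standing in for any submitted HTML.
$order_note = "Leave at the door\n<script>document.title='xss-marker'</script>";

// Vulnerable pattern: stored text is concatenated into the page as-is, so the
// browser parses the note as markup in the session of whoever views the order.
function render_note_unsafe(string $note): string {
    return '<p class="order-note">' . $note . '</p>';
}

// Input side: strip tags and control characters before the note is stored.
// This reduces what gets saved; it does not replace output escaping.
function clean_note_for_storage(string $note): string {
    $note = strip_tags($note);
    $note = preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/', '', $note);
    return trim($note);
}

// Output side: escape for the HTML body context every time the note is shown.
// Escaping comes first, then nl2br(), so the only tags are the ones we add.
function render_note_safe(string $note): string {
    $escaped = htmlspecialchars($note, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<p class="order-note">' . nl2br($escaped) . '</p>';
}

// Simple check a reviewer can reuse: did a raw script tag survive rendering?
function has_live_script(string $html): bool {
    return stripos($html, '<script') !== false;
}

$unsafe = render_note_unsafe($order_note);
$safe   = render_note_safe($order_note);            // escaping alone is enough
$stored = render_note_safe(clean_note_for_storage($order_note));

printf("unsafe render has live script: %s\n", has_live_script($unsafe) ? 'yes' : 'no');
printf("escaped render has live script: %s\n", has_live_script($safe) ? 'yes' : 'no');
printf("cleaned + escaped render has live script: %s\n", has_live_script($stored) ? 'yes' : 'no');
echo $safe, "\n";
```

When reading the plugin's code, look for every place the note (or any other customer-supplied field) is echoed and confirm it passes through an escaping function for the context it lands in.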