
See the post on BlueSky: https://bsky.app/profile/provisionalidea.bsky.social/post/3lhujtm2qkc2i

According to many comments, the US government DOES use SQL, and Musk does not understand much of what's going on.

[-] asdfasdfasdf@lemmy.world 7 points 1 week ago

Isn't that assuming you have access to doing arbitrary SQL queries on the database? Then you'd by definition have access to records you shouldn't.

[-] borari@lemmy.dbzer0.com 3 points 1 week ago* (last edited 1 week ago)

No. You can have control over specific parameters of an SQL query though. Look up insecure direct object reference vulnerabilities.

Consider a website that uses the following URL to access the customer account page, by retrieving information from the back-end database: https://insecure-website.com/customer_account?customer_number=132355 Here, the customer number is used directly as a record index in queries that are performed on the back-end database. If no other controls are in place, an attacker can simply modify the customer_number value, bypassing access controls to view the records of other customers.
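The scenario in the quoted passage, as an added example that is not part of the original comment: the SQL text is fixed by the server and only the `customer_number` parameter comes from the request, next to the same lookup bound to the logged-in user. The `accounts` table, its `owner` column, the function names and the `session_user` argument are assumptions made for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data: two customers, one account record each.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts ("
               "customer_number INTEGER PRIMARY KEY, owner TEXT, balance TEXT)")
    db.executemany("INSERT INTO accounts VALUES (?, ?, ?)",
                   [(132355, "alice", "100.00"), (132356, "bob", "250.00")])
    return db

def account_insecure(db, session_user, customer_number):
    # The query is parameterized, so the caller cannot run arbitrary SQL.
    # The request-supplied index is still the only selector, and
    # session_user is never consulted: any record can be read.
    return db.execute(
        "SELECT owner, balance FROM accounts WHERE customer_number = ?",
        (customer_number,)).fetchone()

def account_checked(db, session_user, customer_number):
    # Same lookup, with the identity from the server-side session added
    # to the WHERE clause. Someone else's record looks like a missing one.
    return db.execute(
        "SELECT owner, balance FROM accounts "
        "WHERE customer_number = ? AND owner = ?",
        (customer_number, session_user)).fetchone()

if __name__ == "__main__":
    db = make_db()
    # alice is logged in; the request carries bob's customer number.
    print("insecure:", account_insecure(db, "alice", 132356))
    print("checked: ", account_checked(db, "alice", 132356))
    print("own row: ", account_checked(db, "alice", 132355))
```
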

this post was submitted on 11 Feb 2025
1323 points (98.5% liked)

Programmer Humor
