lederhosen: (Default)
lederhosen ([personal profile] lederhosen) wrote2008-04-23 05:43 pm
  • Add Memory
  • Share This Entry

Not such a good idea

Via RISKS:

The Oklahoma Department of Corrections published a web interface where the URL contained the SQL query executed to retrieve the data to be reported. Thus, any knowledgeable user could execute general SQL queries against a database containing large amounts of personal information -- including UPDATE statements (!) It was taken down only after management was shown that THEIR personal information was available.
Threaded | Flat

[identity profile] cheshire-bitten.livejournal.com 2008-04-23 09:59 am (UTC)(link)
That is creepy.

[identity profile] chaos-crafter.livejournal.com 2008-04-23 10:18 am (UTC)(link)
UI've been meaning to write a site like that. :) The thing is I plan to do one that appears to generate results, but is actually making them up. Also after the nth request from the same place it starts responding with things like "You just don't get it do you? I'm making this all up"

[identity profile] terrycloth.livejournal.com 2008-04-23 06:07 pm (UTC)(link)
It was the sex offenders' registry. You could *add* people to the sex offenders' registry.
Threaded | Flat