I’m getting a bit sick of large corporations a) demanding excess data as a condition of doing business with me, b) allowing it to be stolen, and c) giving zero fucks about it.

What are some things that us netizens can do to make our displeasure known.

Extra points for funny ideas.

      • PM_Your_Nudes_Please@lemmy.world
        link
        fedilink
        arrow-up
        5
        ·
        14 hours ago

        It’s an SQL injection joke.

        Basically, when dealing with databases, you can use SQL to search or modify the data in that database. By default, you can do this by polling the database with an SQL query. But this introduces a vulnerability called SQL injection. Basically, imagine if instead of filling in a name in the “Name” field, you filled in an SQL query. If the database admins haven’t protected themselves against it, then the database will happily run that query; You have just injected an SQL query into their database. Maybe you’re a malicious attacker, looking to get a virus onto the system, or looking to extract the data.

        Protecting the database from injection is done with something called sanitizing. Basically, you set up filters to disallow SQL, so it can’t touch your database. In this comic, the database admins didn’t do that, so they were unprotected.

        The actual SQL uses the student’s middle name to search for any tables named “Students” and permanently delete it. The joke is that when the school admin staff enters his name into their database, it will delete any tables named “Students” and wreck their database.

        • mnemonicmonkeys@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          19
          ·
          1 day ago

          Still, any programmer worth their salt should filter their inputs. One group at work refuses to do it and they always get away with it and it’s infuriating

          • PM_Your_Nudes_Please@lemmy.world
            link
            fedilink
            arrow-up
            4
            ·
            14 hours ago

            One group at work refuses to do it

            Sounds like a huge liability to the company.

            and they always get away with it

            Until they don’t. All it would take is one malicious actor (competing company, spurned employee, data thief, etc) wrecking/stealing their entire database with an injection attack.

            • mnemonicmonkeys@sh.itjust.works
              link
              fedilink
              English
              arrow-up
              1
              ·
              13 hours ago

              Their exact position would make it significantly less likely, since they aren’t working with databases, but software for individual products. That being said, it’s still shitty practice