This is a really awesome article that explains the technical aspects in a way that makes sense to non-coders, without having to over simplify. I feel like this sort of writing should be much more appreciated. Also, the graphic at the top has no business being that good, this whole piece is a banger.
this post was submitted on 13 Feb 2024
86 points (98.9% liked)
Technology
59148 readers
2006 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
That's so over the top bad it's almost ridiculous
They might as well just publish the database credentials in the API too, jeez
They basically did. I bet they just used an ORM in the backed and then pointed the API endpoint to the user entity without filtering the fields. This results in a dump of the user table (although row by row indexed by users instead of a full dump)
Ahhhh, I was.wondering why they would take the time to set up an API with that data and forgot that almost everything has a way to just dump things into it without needing to be set. I forget because where I work we actively avoid that approach because of risks like this.
Oh dear, I had heard of this hack before, but I had not seen it laid out like this. Oh dear god, that's bad.
Buy code on Fiverr, get code on Fiverr.