Could this be the worst security hole ever? The Oklahoma Department of Corrections' sex offender database site allowed users to issue arbitrary SQL queries on their database (which contained the complete details of anyone who has ever been on the wrong side of the law). The "print friendly link" took, as its argument, a SQL query, which it would then execute. Which, of course, means that not only could someone get enough details about anyone in the database to steal their identity, but could quite possibly insert arbitrary data into the government's official sex offender database. You can probably imagine the kinds of fun that someone could have with that.

Want to say something? Do so here.

Note to spammers: This comment system applies the rel=nofollow attribute to the poster's URL and all links. Posting links to this page will not improve their search engine rankings.

Display name:
URL:(optional)
To prove that you are not a bot, please enter the text in the image on the right in the field below it.

Your Comment:

Remember my details.

Please keep comments on topic and to the point. Inappropriate comments may be deleted.

Note that markup is stripped from comments; URLs will be automatically converted into links.