The Null Device
Posts matching tags 'sql'
Could this be the worst security hole ever? The Oklahoma Department of Corrections' sex offender database site allowed users to issue arbitrary SQL queries against its database (which contained the complete details of everyone on the register). The "print friendly link" took, as its argument, a SQL query, which the server would then execute verbatim. This isn't even SQL injection in the usual sense: no quoting trick is needed, because the client supplies the whole statement. Which, of course, means that not only could someone get enough details about anyone in the database to steal their identity, but could quite possibly insert or alter records in the government's official sex offender database. You can probably imagine the kinds of fun that someone could have with that.
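To make the pattern concrete, here is an added example (not code from the post or from the Oklahoma DOC site, whose schema is not described) that reproduces the "link parameter is the SQL" design against a constructed in-memory SQLite table, alongside the fix a practitioner would expect: the link carries only a record id, which is validated and bound as a query parameter. The table name, columns and rows are assumptions made up for the demonstration.

```python
"""Reproduction of the 'print friendly link takes a SQL query' pattern.

The offenders table and its rows are constructed for this example; they
are not the real registry schema, which the post does not describe.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Build a small in-memory database standing in for the registry."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE offenders (id INTEGER PRIMARY KEY, name TEXT, "
        "address TEXT, dob TEXT)"
    )
    conn.executemany(
        "INSERT INTO offenders VALUES (?, ?, ?, ?)",
        [
            (1, "Example Person A", "1 Sample St", "1970-01-01"),
            (2, "Example Person B", "2 Sample St", "1980-02-02"),
        ],
    )
    conn.commit()
    return conn


def print_friendly_vulnerable(conn: sqlite3.Connection, query: str):
    """The pattern the post describes: the URL parameter *is* the SQL.

    Whatever the client sends is executed verbatim. A SELECT dumps the
    table; an UPDATE or INSERT rewrites the official record.
    """
    cur = conn.execute(query)  # client-controlled statement, run as-is
    conn.commit()
    return cur.fetchall()


def print_friendly_fixed(conn: sqlite3.Connection, record_id: str):
    """Hardened form: the link carries only a record id.

    The id is validated as a positive integer and bound as a parameter,
    so the client never supplies SQL text. Anything else is rejected.
    """
    if not record_id.isdigit():
        raise ValueError("record id must be a positive integer")
    cur = conn.execute(
        "SELECT id, name, address, dob FROM offenders WHERE id = ?",
        (int(record_id),),
    )
    return cur.fetchall()


def demo():
    """Exercise both endpoints; returns the observations as a tuple."""
    conn = make_db()
    # Read: the vulnerable endpoint dumps the whole table on request.
    dumped = print_friendly_vulnerable(conn, "SELECT * FROM offenders")
    # Write: it will just as happily execute a statement that alters a record.
    print_friendly_vulnerable(
        conn, "UPDATE offenders SET name = 'Tampered' WHERE id = 2"
    )
    after = conn.execute(
        "SELECT name FROM offenders WHERE id = 2"
    ).fetchone()[0]
    # The hardened endpoint returns one row by id and refuses SQL text.
    one = print_friendly_fixed(conn, "1")
    try:
        print_friendly_fixed(conn, "1 OR 1=1")
        rejected = False
    except ValueError:
        rejected = True
    return len(dumped), after, one[0][1], rejected


if __name__ == "__main__":
    print(demo())
```

The fix is the usual one: the client chooses *which* record, never *what query*, and the query text lives only on the server. As defence in depth, the database account a public-facing page uses should also lack write privileges, so that even a flaw like this one could not alter the register.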
Something I didn't know until today: the Facebook API includes a complete SQL-style query language for querying one's social graph, which allows you to do things like:
    SELECT name, pic, status, music FROM user WHERE uid in (select uid2 from friend where uid1 = 1234567890)

FQL, as it's called, can be called from the Facebook API, or you can play with it here (using the fql.query method).
This is cool: Gadfly, a reasonably efficient SQL database module for Python, written entirely in Python (with optional C extensions) and using portable data files. I think Zope might make some use of it too. Mind you, I can't help but think that they could have made it more lightweight by getting rid of SQL text parsing and having a procedural interface for queries. (via gimbo)