Yellow Flag

@tklengyel @thisismissem Where did you read that he dumped the database? My understanding is that he connected to the database on the assumption that it was specific to his client, then disconnected and reported the issue immediately after realizing that it contained data on other customers as well.

Tamas K Lengyel

@WPalant @thisismissem Just connecting to the db won't show you what data is in it to determine it's not just your data. So he must have dumped it or at the least queried it sufficiently deeply to make that call.

Beady Belle Fanchannel

@tklengyel @WPalant @thisismissem Just connect to it with a GUI tool like DBeaver (like devs are likely to do), and it will show you the schema of tables.
There will be columns like “clientName” or similar, and then doing a few very simple selects will tell you whether you have access to other people’s data.

Beady Belle Fanchannel

@tklengyel @WPalant @thisismissem Mixing customer data like that and giving full access to the database with the given user credentials is criminal neglect and should cost the company dearly. Not the person who figured it out.

Yellow Flag

@Profpatsch @tklengyel @thisismissem According to nitter.net/der_sofc/status/174 he connected with phpMyAdmin. While I haven’t used that tool in decades, that would presumably also expose the database schema immediately.
