Comment on How Spoutible’s Leaky API Spurted out a Deluge of Personal Data
Psaldorn@lemmy.world 9 months ago
They might as well just publish the database credentials in the API too, jeez
elvith@feddit.de 9 months ago
They basically did. I bet they just used an ORM in the backend and then pointed the API endpoint to the user entity without filtering the fields. This results in a dump of the user table (although row by row indexed by users instead of a full dump).
snooggums@kbin.social 9 months ago
Ahhhh, I was wondering why they would take the time to set up an API with that data and forgot that almost everything has a way to just dump things into it without needing to be set. I forget because where I work we actively avoid that approach because of risks like this.
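The pattern elvith's comment guesses at, serializing a whole user entity straight into an API response, next to an allowlisted response and a regression check. This is an added example, not part of the thread and not Spoutible's code; the schema, column names, sample row and function names are all constructed assumptions.

```python
import sqlite3
from dataclasses import dataclass, asdict, fields

@dataclass
class User:  # hypothetical entity; column names are assumptions
    id: int
    username: str
    display_name: str
    email: str
    password_hash: str
    reset_token: str

# Explicit allowlist: a column added to the table later stays private by default.
PUBLIC_FIELDS = ("id", "username", "display_name")

def make_db():
    """In-memory table holding one constructed sample row."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, "
               "display_name TEXT, email TEXT, password_hash TEXT, reset_token TEXT)")
    db.execute("INSERT INTO users VALUES (1, 'alice', 'Alice', "
               "'alice@example.test', 'constructed-hash', 'constructed-token')")
    return db

def load_user(db, username):
    """Minimal stand-in for an ORM lookup: one row becomes one entity."""
    cols = ", ".join(f.name for f in fields(User))
    row = db.execute(f"SELECT {cols} FROM users WHERE username = ?",
                     (username,)).fetchone()
    return User(*row) if row else None

def get_user_leaky(db, username):
    """Endpoint body that dumps the entity: every column reaches the client."""
    user = load_user(db, username)
    return asdict(user) if user else None

def get_user_filtered(db, username):
    """Endpoint body that builds the response from the allowlist only."""
    user = load_user(db, username)
    if user is None:
        return None
    return {name: getattr(user, name) for name in PUBLIC_FIELDS}

def leaked_fields(response):
    """Regression check for an API test suite: keys outside the allowlist."""
    return sorted(set(response) - set(PUBLIC_FIELDS))
```

Running `leaked_fields` over each user-returning endpoint in CI catches the case where a new sensitive column is added to the table and silently starts appearing in responses.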