Comment on How Spoutible’s Leaky API Spurted out a Deluge of Personal Data
elvith@feddit.de 8 months ago
They basically did. I bet they just used an ORM in the backend and then pointed the API endpoint to the user entity without filtering the fields. This results in a dump of the user table (although row by row indexed by users instead of a full dump).
snooggums@kbin.social 8 months ago
Ahhhh, I was wondering why they would take the time to set up an API with that data and forgot that almost everything has a way to just dump things into it without needing to be set. I forget because where I work we actively avoid that approach because of risks like this.
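The pattern discussed in this thread, shown beside an allowlisted serializer, as an added example that is not part of either comment and not Spoutible's code. The `UserEntity` class, its field names and the sample values are constructed stand-ins for an ORM-mapped user row.

```python
from dataclasses import dataclass, asdict


# Constructed stand-in for an ORM-mapped user row; all field names are hypothetical.
@dataclass
class UserEntity:
    id: int
    username: str
    display_name: str
    email: str
    password_hash: str
    reset_token: str


# Fields the public profile endpoint is allowed to return (explicit allowlist).
PUBLIC_FIELDS = ("id", "username", "display_name")


def serialize_unfiltered(user):
    """Pattern described in the thread: the whole entity is handed to the client."""
    return asdict(user)


def serialize_public(user):
    """Hardened form: only allowlisted fields leave the backend."""
    return {name: getattr(user, name) for name in PUBLIC_FIELDS}


def leaked_fields(response):
    """Regression check: field names in a response that are not on the allowlist."""
    return sorted(set(response) - set(PUBLIC_FIELDS))


if __name__ == "__main__":
    # Constructed sample row.
    user = UserEntity(1, "alice", "Alice", "alice@example.test",
                      "<constructed-hash>", "<constructed-token>")
    print("unfiltered leaks:", leaked_fields(serialize_unfiltered(user)))
    print("allowlisted leaks:", leaked_fields(serialize_public(user)))
```

With the allowlist, a column added to the entity later stays private until someone deliberately adds it to `PUBLIC_FIELDS`; with the unfiltered serializer it is exposed as soon as the schema changes.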