Programmer Humor

23136 readers

1169 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

Keep content in english
No advertisements
Posts must be related to programming or programmer topics

founded 2 years ago

MODERATORS

Feyter@programming.dev

anzo@programming.dev

BurningTurtle@programming.dev

pylapp@programming.dev

1340

The government doesn't use SQL (programming.dev)

submitted 2 months ago by suy@programming.dev to c/programmer_humor@programming.dev

448 comments fedilink hide all child comments

See the post on BlueSky: https://bsky.app/profile/provisionalidea.bsky.social/post/3lhujtm2qkc2i

According to many comments, the US government DOES use SQL, and Musk is not understanding much what's going on.

you are viewing a single comment's thread
view the rest of the comments

[–] codexarcanum@lemmy.dbzer0.com 275 points 2 months ago* (last edited 2 months ago) (51 children)

I'm sure folks on here know this, but you know, there's also that 10K a day that don't so...

What makes this especially funny, to me, is that SSN is the literal text book example (when I was in school anyway) of a "natural" key that you absolutely should never use as a primary key. It is often the representative example of the kinds of data that seems like it'd make a good key but will absolutely fuck you over if you do.

SSN is not unique to a person. ~~They get reused after death, and a person can have more than one in their lifetime (if your id is stolen and you arduously go about getting a new one).~~ Edit: (See responses) It seems I'm misinformed about SSNs, apologies. I have heard from numerous sources that they are not unique to a person, but the specifics of how it happens are unknown to me.

And they're protected information due to all the financials that rely on them, so you don't really want to store them at all (unless you're the SSA, who would have guessed that'd ever come up though!?)

It's so stupid that it would be hilarious if people weren't dying.

[–] asdfasdfasdf@lemmy.world 5 points 2 months ago (7 children)

Just curious, but if SSNs were not recycled after death, would there be any reason not to use them as a primary key?

[–] franzfurdinand@lemmy.world 15 points 2 months ago* (last edited 2 months ago) (1 children)

They're sequential, so the values above and below yours are valid SSNs of people born in the same hospital around the same time.

This would make it trivially easy to get access to records you shouldn't

[–] asdfasdfasdf@lemmy.world 7 points 2 months ago (1 children)

Isn't that assuming you have access to doing arbitrary SQL queries on the database? Then you'd by definition have access to records you shouldn't.

[–] borari@lemmy.dbzer0.com 3 points 2 months ago* (last edited 2 months ago)

No. You can have control over specific parameters of an SQL query though. Look up insecure direct object reference vulnerabilities.

Consider a website that uses the following URL to access the customer account page, by retrieving information from the back-end database: https://insecure-website.com/customer_account?customer_number=132355 Here, the customer number is used directly as a record index in queries that are performed on the back-end database. If no other controls are in place, an attacker can simply modify the customer_number value, bypassing access controls to view the records of other customers.

load more comments (5 replies)

load more comments (48 replies)