Programmer Humor

20039 readers

1579 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

Keep content in english
No advertisements
Posts must be related to programming or programmer topics

founded 2 years ago

MODERATORS

[email protected]

1207

The government doesn't use SQL (programming.dev)

submitted 1 day ago by [email protected] to c/[email protected]

405 comments fedilink hide all child comments

See the post on BlueSky: https://bsky.app/profile/provisionalidea.bsky.social/post/3lhujtm2qkc2i

According to many comments, the US government DOES use SQL, and Musk is not understanding much what's going on.

you are viewing a single comment's thread
view the rest of the comments

[–] asdfasdfasdf 5 points 1 day ago (2 children)

Just curious, but if SSNs were not recycled after death, would there be any reason not to use them as a primary key?

[–] franzfurdinand 12 points 1 day ago* (last edited 1 day ago) (1 children)

They're sequential, so the values above and below yours are valid SSNs of people born in the same hospital around the same time.

This would make it trivially easy to get access to records you shouldn't

[–] asdfasdfasdf 7 points 1 day ago (1 children)

Isn't that assuming you have access to doing arbitrary SQL queries on the database? Then you'd by definition have access to records you shouldn't.

[–] [email protected] 3 points 1 day ago* (last edited 1 day ago)

No. You can have control over specific parameters of an SQL query though. Look up insecure direct object reference vulnerabilities.

Consider a website that uses the following URL to access the customer account page, by retrieving information from the back-end database: https://insecure-website.com/customer_account?customer_number=132355 Here, the customer number is used directly as a record index in queries that are performed on the back-end database. If no other controls are in place, an attacker can simply modify the customer_number value, bypassing access controls to view the records of other customers.

[–] [email protected] 4 points 1 day ago (1 children)

As the user posted, one human can have more than one SSN in their lifetime. Many humans will never have an SSN. Some of those humans may have a TIN. Some humans may have at least one TIN and one SSN at some point.

[–] [email protected] 1 points 1 day ago (1 children)

What are the situations where you can have more than one SSN?

[–] [email protected] 2 points 1 day ago (1 children)

I'm referencing this, but I'm not actually sure: https://www.ssa.gov/OP_Home/handbook/handbook.14/handbook-1401.html

[–] [email protected] 1 points 14 hours ago

right I did hear the lifelock guy had to get a new SSN, and also Hilda Schrader Whitcher who's SSN was 078-05-1120 and needed to be reissued after her SSN was used as a placeholder in wallets. These seemed to be very uncommon though, and not something I'd expect most systems to be able to handle.