this post was submitted on 03 Oct 2025
621 points (99.1% liked)

Programmer Humor

[–] Blackmist@feddit.uk 1 points 1 day ago (1 children)

I haven't been down to test their public wifi in the cafe to see if that can access it.

The guy who installed it used to work for us and is a known clown, so it's entirely possible.

Although if it is, there's way worse things they can do from there. Like connect to the actual database for a start.

[–] luciferofastora@feddit.org 1 points 15 hours ago

Does the database use the same authentication and permissions as the API? If the API authenticates against the DB with a technical user, it may still be an exploitable vulnerability for people who can't access the DB directly but can access the API. I don't know what database it is, what other databases run on the same server and what privileges might be achievable or escalatable, but generally "there are worse weaknesses" isn't a solid security policy.

You could give me a VPN access and I'll take a look around :p

(Please don't, actually – in case it needs to be said, running pentests on prod is a dangerously bad idea already even before we get to the whole "trusting a stranger on the Internet just because they sound sorta knowledgeable" issue)