SQL injection prevention may affect your customers



  • At least, if you're an airline.  According to ABC News the TSA will be implementing a system where your name on your ID has to match your boarding pass.  All fine and well, except that according to them most airline ticketing systems cannot accommodate an apostrophe in a name.  So the O'Reilly's will be unable to board.   This is most likely to prevent SQL injection attacks, simply strip the illegal characters out.

    Then again, this may work out like Y2K where diligent programmers work to resolve the issue before it occurs.  Or it may be media scaremongering.  I can say that I have had many issues with US websites in my life.  Some seem unable to comprehend that a surname can have more than one part to it, separated by a space.



  • Little Bobby is going to have some trouble visiting Grammy in Florida.

    (frist XKCD reference)



  • @toth said:

    Little Bobby is going to have some trouble visiting Grammy in Florida. (frist XKCD reference)

    Hey, morbs, a new target for you.



  • Please meet my friends Parameterised Query and Proper Escaping.

    Dead handy to have around.



  • Wait, what?  Hasn't the TSA done this since 9/11?  They always go over my ID and boarding pass with a fine-toothed comb, presumably to see if the "I plan to hijack this flight" option was selected at check-in. 

     

    Seriously, though, I know it's for the same reason they allow the pissed-off looking Muslim through with little hassle: if we allow common sense to override political correctness, the terrorists will have won.  Metaphorically, of course, not literally; believing security theater is going to save lives is just retarded.


  • Discourse touched me in a no-no place

    @morbiuswilters said:

    Wait, what?  Hasn't the TSA done this since 9/11?  They always go over my ID and boarding pass with a fine-toothed comb, presumably to see if the "I plan to hijack this flight" option was selected at check-in. 
    The final time I flew out of BWI (which is the TSA's testbed for new dick moves) the fucker thought my boarding pass was fake because the paper was yellowed (I printed it myself. Via online checkin. My paper is yellowed because it's almost as old as I am.) and furthermore had never seen a driver's license like mine (It was Maryland's standard pre-age-21 vertical format. BWI is in Maryland.)

    Once we passed that hurdle, I was "randomly selected" for extra screening and had to explain that a hard drive is not a bomb and what it's used for and why I can't turn it on and show them.

     

    I don't fly through BWI anymore. I drive the extra hour and a half around Washington DC to go to Dulles.

     

     

     

    Also, I have very large doubts that this has anything to do with SQL injection - the younger airlines don't have problems with it - but the older legacy carriers do. I smell ignorant COBOL and FORTRAN programmers.



  •  The security guard at an airport in Maryland hadn't seen the underage Maryland drivers license? Oy.

     I live in MD and have flown out of BWI several times with no problems... and I've been told I LOOK like a terrorist/the Unabomber. 😨



  • @Weng said:

    (It was Maryland's standard pre-age-21 vertical format. BWI is in Maryland.)

    Perhaps trying to use the IDs of your teenage victims the best plan, even if you are wearing their faces.

     

    @Weng said:

    Also, I have very large doubts that this has anything to do with SQL injection - the younger airlines don't have problems with it - but the older legacy carriers do. I smell ignorant COBOL and FORTRAN programmers.

    Am I the only one who is a bit confused by this?  Stripping single-quotes from input is not how you handle SQL injection.  In fact, SQL injection isn't something you should ever worry about, assuming you are using a database API that wasn't copied off the resource CD that came with the 2004 edition of PHP For Dummies.



  • @Weng said:

    Also, I have very large doubts that this has anything to do with SQL injection - the younger airlines don't have problems with it - but the older legacy carriers do. I smell ignorant COBOL and FORTRAN programmers.

    Wouldn't that make it the 'younger' systems' fault?  The data clearly can contain characters that the language of choice is sensitive to.  That is not the fault of a COBOL programmer!  I have similar issues with web developers.  They seem to think that just because they have to use HTML (and choose to use XML) that suddenly an account called Mr & Mrs O'Riely <Investment Account> that has existed since 1985 is 'illegal data'.

    Morbs has it right.  It's easy to do, provided you know where & when to do it and understand what you are doing and why.  The second most idiotic thing is web devs escaping their values too early (or reading data off controls instead of data objects) and spiraling into the relentless maelstrom of encode/decode clinging to the hope that somehow every part of the code hits a correctly en/decoded version of the data.

    It's fucking pathetic.
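
An added example, not part of the thread or any airline's code: it contrasts the apostrophe-stripping approach from the opening post with the parameterised query recommended above, and encodes for HTML only at output, as the previous post argues. The table name, function names and in-memory SQLite database are assumptions chosen for illustration; the two sample names come from the thread.

```python
import html
import sqlite3

# Constructed sample data: both names are the thread's own examples.
PASSENGER = "O'Reilly"
ACCOUNT = "Mr & Mrs O'Riely <Investment Account>"


def make_db():
    """In-memory database with a hypothetical passenger table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE passenger (id INTEGER PRIMARY KEY, name TEXT)")
    return db


def store_concatenated(db, name):
    """Weak: SQL text built by concatenation, so the apostrophe ends the literal early."""
    try:
        db.execute("INSERT INTO passenger (name) VALUES ('" + name + "')")
        return "stored"
    except sqlite3.OperationalError:
        return "syntax error"


def store_stripped(db, name):
    """Weak: deleting the character hides the error but corrupts the stored name."""
    cleaned = name.replace("'", "")
    db.execute("INSERT INTO passenger (name) VALUES ('" + cleaned + "')")
    return cleaned


def store_parameterised(db, name):
    """Corrected: the value is bound separately and never parsed as SQL."""
    cur = db.execute("INSERT INTO passenger (name) VALUES (?)", (name,))
    row = db.execute("SELECT name FROM passenger WHERE id = ?",
                     (cur.lastrowid,)).fetchone()
    return row[0]


def render_cell(value):
    """Encode for HTML at the point of output only; the stored value stays raw."""
    return "<td>" + html.escape(value, quote=True) + "</td>"


if __name__ == "__main__":
    db = make_db()
    print(store_concatenated(db, PASSENGER))   # statement fails to parse
    print(store_stripped(db, PASSENGER))       # no longer matches the ID
    print(store_parameterised(db, ACCOUNT))    # round-trips unchanged
    print(render_cell(ACCOUNT))                # encoded once, at render time
```
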



  • @morbiuswilters said:

    believing security theater is going to save lives is just retarded.

     If you ever run for office let me know so I can move there and vote for you (multiple times per election, if possible).



  •  Hopefully the TSA will just apply a reasonable level of common sense. I had a TSA person jokingly tell me one time that I couldn't get through because my ID said "Michael" and my ticket said "Mike".  I was not amused.



  • @morbiuswilters said:

    Seriously, though, I know it's for the same reason they allow the pissed-off looking Muslim through with little hassle: if we allow common sense to override political correctness, the terrorists will have won.  Metaphorically, of course, not literally; believing security theater is going to save lives is just retarded.

     

    If security was the real goal with this crap, no muslim would get into an airport, forget the plane itself.

    You can call it racism or whatever you like, but I don't see anybody else flying planes into buildings as of late.



  • @Master Chief said:

    @morbiuswilters said:

    Seriously, though, I know it's for the same reason they allow the pissed-off looking Muslim through with little hassle: if we allow common sense to override political correctness, the terrorists will have won.  Metaphorically, of course, not literally; believing security theater is going to save lives is just retarded.

     

    If security was the real goal with this crap, no muslim would get into an airport, forget the plane itself.

    You can call it racism or whatever you like, but I don't see anybody else flying planes into buildings as of late.

    alternatively, you could have special muslim only flights that are continuously followed by fighters.



  • @Master Chief said:

     

    If security was the real goal with this crap, no muslim would get into an airport, forget the plane itself.

    You can call it racism or whatever you like, but I don't see anybody else flying planes into buildings as of late.

    Corey Lidle called and he demands a retraction.



  • @Master Chief said:

    If security was the real goal with this crap, no muslim would get into an airport, forget the plane itself.

    You can call it racism or whatever you like, but I don't see anybody else flying planes into buildings as of late.

    It's been years since even a muslim flew a plane into a building anyway. You have a funny definition of "as of late."



  • @belgariontheking said:

    @Master Chief said:

    If security was the real goal with this crap, no muslim would get into an airport, forget the plane itself.

    You can call it racism or whatever you like, but I don't see anybody else flying planes into buildings as of late.

    It's been years since even a muslim flew a plane into a building anyway. You have a funny definition of "as of late."

    Now they just riot when people draw cartoons they don't like, murder filmmakers who make movies questioning Islam and gun down American soldiers on an Army base.



  • @bstorer said:

    Corey Lidle called and he demands a retraction.

    That's racist.  Just because he's white doesn't mean he isn't Muslim.  In fact, I believe crashing a plane into a building automatically makes you a Muslim.  I read it in the Koran.



  • @Master Chief said:

    @morbiuswilters said:

    Seriously, though, I know it's for the same reason they allow the pissed-off looking Muslim through with little hassle: if we allow common sense to override political correctness, the terrorists will have won.  Metaphorically, of course, not literally; believing security theater is going to save lives is just retarded.

     

    If security was the real goal with this crap, no muslim would get into an airport, forget the plane itself.

    You can call it racism or whatever you like, but I don't see anybody else flying planes into buildings as of late.

    Yes, because "most terrorists are Muslim" is logically equivalent to "most Muslims are terrorists"

    Wait a minute...



  • @morbiuswilters said:

    @bstorer said:

    Corey Lidle called and he demands a retraction.

    That's racist.  Just because he's white doesn't mean he isn't Muslim.  In fact, I believe crashing a plane into a building automatically makes you a Muslim.  I read it in the Koran.

    You read the Koran?!  HE'S A TERRORIST!  GET HIM!



  • @toth said:

    Yes, because "most terrorists are Muslim" is logically equivalent to "most Muslims are terrorists"

    Wait a minute...

     

    That is precisely the point of profiling them in high-security environments, as opposed to taking more drastic measures like, say, interning all of them, which would be necessary if the second condition were true.

