3 hours ago

Every German person I’ve ever met talks so confidently about shit that you just kinda assume they know what they’re talking about, until they start talking about a domain you’re an expert in and you realize they’re actually kinda dumb but with good vocabulary.
No. You can have control over specific parameters of an SQL query though. Look up insecure direct object reference vulnerabilities.
Consider a website that uses the following URL to access the customer account page, by retrieving information from the back-end database:
`https://insecure-website.com/customer_account?customer_number=132355`

Here, the customer number is used directly as a record index in queries that are performed on the back-end database. If no other controls are in place, an attacker can simply modify the `customer_number` value, bypassing access controls to view the records of other customers.
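
The lookup described in the comment above, next to a version that binds the record to the logged-in user, as an added example that is not part of the original thread. The `accounts` table, the users and the function names are assumptions made for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data, not taken from the thread.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts ("
               "customer_number INTEGER PRIMARY KEY, owner TEXT, email TEXT)")
    db.executemany("INSERT INTO accounts VALUES (?, ?, ?)",
                   [(132355, "alice", "alice@example.test"),
                    (132356, "bob", "bob@example.test")])
    return db

def account_page_idor(db, customer_number):
    # The query is parameterized, so this is not SQL injection. The flaw is
    # that the request-supplied customer_number alone selects the record.
    return db.execute(
        "SELECT owner, email FROM accounts WHERE customer_number = ?",
        (int(customer_number),)).fetchone()

def account_page_checked(db, session_user, customer_number):
    # session_user comes from the server-side session, never from the URL.
    # Putting it in the WHERE clause makes ownership part of the lookup.
    row = db.execute(
        "SELECT owner, email FROM accounts "
        "WHERE customer_number = ? AND owner = ?",
        (int(customer_number), session_user)).fetchone()
    if row is None:
        # Same error for "no such record" and "not yours", so the response
        # does not confirm which customer numbers exist.
        raise PermissionError("account not found")
    return row

if __name__ == "__main__":
    db = make_db()
    # alice is logged in but the URL carries bob's number.
    print(account_page_idor(db, "132356"))
    try:
        account_page_checked(db, "alice", "132356")
    except PermissionError as exc:
        print("denied:", exc)
```
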