Its hilarious watching reporters tring to explain even the most basic database security concepts.

[aceplace57]

Where have the technical reporters gone? Reading the press’ attempt to explain the Hillary Clinton and Bernie Sanders data breach is both hilariously inept and painful.

Non technical people use databases all the time at their offices. They know the frustration of security denials. Getting multiple people to sign off on forms just so you can pull up a dept’s information on your screen. It’s been a part of our lives for decades.

Pull up a chair and lets see how this reporter tries to explain that somebody left full privileges on the databases’ user accounts.

What gibberish. Would it kill the reporter to explain . Security in a database? That individual users can only access data they’ve been given permission to read? An admin assistant in a dept can only access budget records for their department. They can’t see another dept’s budget and expenditures. That’s a very basic concept here. A big boss over the entire division might have an account with rights to see records for all the depts under him. But can’t see another division’s records.

It’s not a tech problem. Some dumb ass granted super privileges on these user accounts. Allowing them to see the entire database. Any DBA on the job for a week knows better than to do stupid shit like this.

You mean data is shared in a file? Why what in tarnation will these clever young people think of next? :smack: It’s called a database you idiot and they’ve been shared resources for at least 50 years.
which maintains a shared file of voter information for all of the party’s top presidential campaigns.

Really its a mountain out of a molehill. They left the door open and somebody walked in. Fix the account security, STFU, and move on. There’s nothing to see here other than the press exploiting a non-story.

At least one staffer working for Sen. Bernie Sanders (I-Vt.) has been punished for improperly accessing information from Hillary Clinton’s campaign following a technical foulup by the Democratic party’s data vendor that made each campaign’s data potentially accessible to its opponent. But both campaigns believe they have been wronged by the way the tech problem — and its aftermath — were handled.

The intrusion was reportedly the result of issues with software that a third-party contractor, NGP VAN, provided to the DNC, which maintains a shared file of voter information for all of the party’s top presidential campaigns.

[TriPolar]

It has been fun to watch. The whole story is just a political infight based on technical gibberish. To be fair, some of the talking heads know what they don’t understand, but do realize what most people do understand, and just say someone was accidently given privileges to see something they shouldn’t have.

[aceplace57]

I am surprised a Sander’s staffer tried searching for Clinton records. Its like rattling a doorknob. You just expect it to be locked.

He may have been using a SQL query and it just dumped out.

Select * From Voter_Table will dump all records you have access too. Surprise, surprise you get more than you expected. Add a where statement (to narrow the search) and you just created a political scandal and lost your job all in one day.

[JerrySTL]

I wonder if the database had proper profiles and privileges set up OR (drum roll please) the application was ‘handling’ the security stuff. As a DBA, I’ve seen all too often where the developer/programmer tries to reinvent the wheel instead of using the built-in capabilities of the database.

[DorkVader]

nm

[GrumpyBunny]

aceplace57:

I am surprised a Sander’s staffer tried searching for Clinton records. Its like rattling a doorknob. You just expect it to be locked.

He may have been using a SQL query and it just dumped out.

Select * From Voter_Table will dump all records you have access too. Surprise, surprise you get more than you expected. Add a where statement (to narrow the search) and you just created a political scandal and lost your job all in one day.

Yup, pretty easy to have happen. I had to run a similar SQL query a few weeks back, but luckily I don’t have READ ALL access and didn’t get every client’s data dumped into my drive. So I didn’t have to go to my boss and fall on my sword.

And I agree with the statements in this OP.

[usedtobe]

The big problem (which we still see in the News!) is that Programmers can’t get database security straight.

Hey - if we make everything a GLOBAL variable, we don’t have to worry about proper linkages - everything will have access to every thing!.

Yep - and that’s the problem.

Everything you send to another machine is instantly accessible to anyone on it. With UPDATE authorization.
We used to do code walk-throughs, and each program had to justify its database access.
It might be time to consider the old-fashioned control table (to which only God ID’s could write).

Kids today!

[Richard_Pearse]

I think everyone with expertise in some field has discovered that journalists know nothing about that field and aren’t willing to learn or make the slightest attempt at getting any details right. It doesn’t take long to realize that most journalists know nothing about any field, including the art of writing a good news article.