Wikipedia:Miscellany for deletion/Wikipedia:Database queries

From Wikipedia, the free encyclopedia
The following discussion is an archived debate of the proposed deletion of the miscellaneous page below. Please do not modify it. Subsequent comments should be made on the appropriate discussion page (such as the page's talk page or in a deletion review). No further edits should be made to this page.

The result of the discussion was no consensus to delete. ···日本穣? · 投稿 · Talk to Nihonjoe · Join WP Japan! 21:40, 12 March 2012 (UTC)

Wikipedia:Database queries

Although I should be clear that I have minimal detailed understanding of these technical matters, as far as I can tell, there is an old project page that is advocating practices that are currently being rooted out by the MW developers. If I am correct, perhaps this material ought to be removed, or at least the page updated. It Is Me Here t / c 21:30, 3 March 2012 (UTC)

List of redirects that would become eligible for G8 were this page to be deleted. It Is Me Here t / c 21:33, 3 March 2012 (UTC)
Not entirely obsolete; I run queries on behalf of perhaps 8 or 10 users per year and am sure at least a handful of the other dozen people on the query-service list do likewise. I have no idea how many of these reach us through Wikipedia:Database queries though. Certainly the page needs radically updated - lots of stuff there more than 7 years out of date. - TB (talk) 22:10, 3 March 2012 (UTC)
I've brought the page up to date. Hopefully this precludes the need to delete. -TB (talk) 09:10, 4 March 2012 (UTC)
  • Comment there is a typo on the page ('Redirects with than 20 ...').
  • Question so on a side issue not so much related to the matter of the deletion of this page so much as its contents, are we or are we not currently vulnerable to whatever it is that MW developers are currently trying to warn hosts of wiki-type websites about? It Is Me Here t / c 13:25, 4 March 2012 (UTC)
  • Many websites use a SQL database as a 'back-end' in which to store important data. A specific but widespread problem exists in such a setup where user-entered text is used to build a SQL query to run against the database; this is known as a SQL-injection attack. If for example a user is asked to type their name ("Fred Flintstone") into a field, a SQL statement might produce:
SELECT * FROM Orders WHERE User='Fred Flintstone';
An attacker might enter something other than a name in an attempt to run additional SQL statements against the database. For example, entering "Fred Flintstone'; UPDATE Accounts SET Credit=1000 WHERE User='Fred Flintstone" to produce:
SELECT * FROM Orders WHERE User='Fred Flintstone';  UPDATE Accounts SET Credit=1000 WHERE User='Fred Flintstone';
None of the four methods general users have access to involves running statements incorporating text provided by untrusted users against the live databases. In the very early days of Wikipedia, a facility for running SQL queries against the live database existed, but ran in a mode allowing only read-only access to non-sensitive tables. - TB (talk) 15:18, 4 March 2012 (UTC)
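The injection described in the comment above, as an added example that is not part of the original discussion and is not MediaWiki code: it runs the quoted input against a concatenated statement, a bound parameter, and a read-only connection, using Python's sqlite3. The Item column, the sample rows, and the use of executescript to stand in for a driver that accepts stacked statements are assumptions.

```python
import os
import pathlib
import sqlite3
import tempfile

# Constructed sample data; table and column names follow the comment above.
SCHEMA = """
CREATE TABLE Orders (User TEXT, Item TEXT);
CREATE TABLE Accounts (User TEXT, Credit INTEGER);
INSERT INTO Orders VALUES ('Fred Flintstone', 'Bowling ball');
INSERT INTO Accounts VALUES ('Fred Flintstone', 0);
"""
# The input quoted in the comment above.
PAYLOAD = "Fred Flintstone'; UPDATE Accounts SET Credit=1000 WHERE User='Fred Flintstone"

def orders_concatenated(db, name):
    """User text is pasted into the SQL string, as in the comment's example."""
    # Assumption: executescript stands in for a driver that runs stacked statements.
    db.executescript("SELECT * FROM Orders WHERE User='" + name + "';")

def orders_bound(db, name):
    """User text travels as a bound parameter and is only ever compared as data."""
    return db.execute("SELECT * FROM Orders WHERE User = ?", (name,)).fetchall()

def credit(db):
    return db.execute("SELECT Credit FROM Accounts").fetchone()[0]

def run_demo():
    fd, path = tempfile.mkstemp(suffix=".db")
    os.close(fd)
    rw = sqlite3.connect(path)
    rw.executescript(SCHEMA)
    out = {"bound_rows": orders_bound(rw, PAYLOAD)}  # no user has that name
    out["credit_after_bound"] = credit(rw)
    # Read-only connection: the injected UPDATE is parsed but refused.
    ro = sqlite3.connect(pathlib.Path(path).as_uri() + "?mode=ro", uri=True)
    try:
        orders_concatenated(ro, PAYLOAD)
        out["readonly_blocked"] = False
    except sqlite3.OperationalError:
        out["readonly_blocked"] = True
    ro.close()
    orders_concatenated(rw, PAYLOAD)  # writable connection: the UPDATE runs
    out["credit_after_concat"] = credit(rw)
    rw.close()
    os.remove(path)
    return out

if __name__ == "__main__":
    print(run_demo())
```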
The above discussion is preserved as an archive of the debate. Please do not modify it. Subsequent comments should be made on the appropriate discussion page (such as the page's talk page or in a deletion review). No further edits should be made to this page.