Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
@UnicornPoo I live in Malaysia. I know this is illegal , I have been telling them that I am not going to do it.
-
@C0D4 he called me to perform an injection to a customer's bank account to deduct 500MYR as a service .
It is absurd I know ... -
hjk10156964yWell you said you where working for a scammer two days ago. So this should not be a surprise. I do wonder why marketing has something to do with this "service". Anyway name sure you get it in writing and add it to your dossier.
-
pipe3264y@johnmelodyme Even if you could perform an SQL injection on that bank account, you'd have to fiddle around to deduct the precise table names, and even after doing so, it would just make the client poorer, but not the company richer...
It clearly seems the guy who asked you to do that just watched a video about SQL injections and thought that it could be useful without knowing anything about how or why/when it works. -
Get out of there asap. Even if you're not doing it, you could be framed as someone who is (or framed for something much worse, they sound shady as anything.)
-
myss44454y1. Most bank no longer use Relational Database , they use something like NoSQL Database.
??? -
MM8312074yIf your local authority won’t listen there must be a banking regulator or someone. You need to cover your arse pronto, not to mention put them out of action.
-
@myss Yeah I've done some work for two banks, and NoSQL would be uncommon, at least in their backoffice backends.
One of them was had been using IBM DB/2 and Fortran since 1985, the other one OracleDB with Delphi.
Both had websites made with angular/react, Java web backends, and modern smartphone apps -- but the actual account balance was stored in ancient systems. -
@johnmelodyme i recommend using firebase to do that sql injection wink wink (inside joke)! Seriously though, maybe you should move away. It’s like everyone you were with wanted you to build the Taj Mahal within a weekend or some other weird shady black market thing
-
@johnmelodyme well, it seems like totally the wrong tool for structured financial data, but what do I know
-
Voxera113974yAs others have said, the very act is illegal, but for such a hack to work you need to know all about the banks system, how transactions are logged, what integrity controls they have.
Remember, most banks already assume someone with system access will try to game the system so they most likely does not trust their own people ;)
Unless you know exactly what to change and where and possibly even when they will notice and restore the account. -
I know I'm a little late in this thread, but please report these people to HR and then the most local cybersecurity agency near you, if this is serious. Our government doesnt take this lightly, and neither should you. See something, say something.
Related Rants
So my marketing dept request us to perform a SQL injection to someone's bank account. I refuse to do it.
1. Most bank no longer use Relational Database , they use something like NoSQL Database.
2. Even if the bank Use Relational Database system, I assume their security must be high, validating my session maybe...
3. I am not going to do shit like this for illegal purposes, well this task sounds super illegal to me
4. Hacking is not a part of my job description. I was hired to be a Senior Fullstack Mobile App Developer.
This is screwed up !
rant
company
bank
sql