Comment by Jean-Papoulos

2 months ago

I understand freedom of information, but what exactly does the public gain by Matt getting the database schema ?

If the answer is "the ability of the request data from a specific table/column", I would say that this should possible to do by asking for the relevant data directly (instead of asking for "the timestamps of each ticket" ask for the "time-related data of each ticket" for example) ?

And yes, having your db schema out in the wild can be a vector of attack, if only because it allows targeting the sql injections (the blog author himself argues this in court).

The court was right to reject this. Maybe the exact word of the law doesn't ask for it, but the spirit certainly does.

2 comments

Jean-Papoulos

gizmo 2 months ago

Municipalities obstinately refuse reasonable requests because they resent that the Freedom of Information Act allows regular civilians to get all up in their business. The excuses they make for noncompliance (it's burdensome! it violates privacy! sql injection!) are not serious. They don't want to comply because they don't like accountability. That's it.

tptacek 2 months ago

The blog author argued no such thing, because that is not true.