Tilted Forum Project Discussion Community - View Single Post

bryanzera · 07-21-2003, 03:51 PM

not a hardware oops, but a coding oops.

We have a database of about 250,000 users of our service, each with a password. One day, I wanted to change the password of my account, so I opened a psql monitor on our live database (not the development db) and typed:

update users set password = 'newpassword';

Anyone notice that that SQL statement is missing a 'where' clause?

I had just set 250,000 passwords to 'newpassword'. Backups were shady back then, so we had to do some hardcore data recovery.

07-21-2003, 03:51 PM	#34 (permalink)
bryanzera Crazy Location: Fresno, CA	not a hardware oops, but a coding oops. We have a database of about 250,000 users of our service, each with a password. One day, I wanted to change the password of my account, so I opened a psql monitor on our live database (not the development db) and typed: update users set password = 'newpassword'; Anyone notice that that SQL statement is missing a 'where' clause? I had just set 250,000 passwords to 'newpassword'. Backups were shady back then, so we had to do some hardcore data recovery.