13 votes

I went to SQL injection court

1 comment

  1. skybrian
    Link
    From the article: … …

    From the article:

    In the course of this reporting work, Matt learned about a system Chicago operates called CANVAS. CANVAS is the central repository for all parking ticket data in the city. It’s a giant database, and Matt would very much like to know what’s in it. So he filed a FOIA request for the CANVAS database schema.

    The city flatly refused.

    Unfortunately, the Illinois Supreme Court had at their disposal a second dictionary. In the Merriam-Webster Online Dictionary, a “schema” is defined as “a structured framework or plan: outline”. “This is a difference in name only”, said the court. Argh. Schemas are now file layouts. We lose.

    Databases shouldn’t be a safe harbor for municipalities to conceal information from the public.

    But, thanks to the good people of Elgin, and also Crystal Lake (motto: “No, Not The One From Friday the 13th”), the Illinois legislature has an opportunity to fix this. SB0226 would add the following language to the statute:

    [Public bodies] shall provide a sufficient description of the structures of all databases under the control of the public body to allow a requester to request the public body to perform specific database queries.

    8 votes