Is SQL injection still a bad thing if the user is restricted to non-harmful queries?

Suppose I have a very simple PHP application that acts as a front-end for an SQL database. The user enters their query into a box, and the app shows the query results in a table.

To prevent a user from modifying the table, the SQL user only has permissions for read-only queries, i.e. if a user tries to enter something like DELETE * FROM persons or DROP TABLE persons into the textbox, they get an error.

Is it still considered “bad form” if this web app is vulnerable to SQL injection, given that the intended use of the app is for the user to be able to execute their own (read-only) SQL queries on the database?

When during the events of the Curse of Strahd plot does Kasimir want to do this thing?

In Curse of Strahd, during my current playthrough of it (with me as the DM) the NPC Kasimir is the party’s ally (“Strahd’s Enemy”). It says throughout the adventure (whenever Kasimir is mentioned at all) that he:

It says, on p. 90, in the description for Crypt 21:

This implies that Kasimir would do this first before we face Strahd.

On p. 196, it describes a Special Event concerning Kasimir:

The first part implies he may want to do this before we face Strahd, but since both are related to Castle Ravenloft, it is ambiguous, so this part of the quote is perhaps not that helpful. The second part, though, implies again that Kasimir would do this before we face Strahd, since otherwise that part doesn’t make any sense.

However, his entry in Appendix D says the following of relevance under Dreams of the Damned, pp. 232-233:

This implies that Kasimir would do this after we face Strahd.

So my question is:

Is there really such a thing as “script kiddies”?

All my life, well, at least since the late 1990s, I’ve heard of this concept of “script kiddies”. Allegedly, it’s a term to refer to young kids or teenagers who, apparently, are somehow able to find “proof of concept” pre-coded exploit scripts of some kind, and proceed to download these to their own computers where they run them on some target website (or other server), hoping that they are unpatched/vulnerable, and, as a result, gain access to this server/computer/system.

Is, or was, this really a thing?

I was an extremely lonely “nerd” with tons of anger and frustrations. I actively looked for all kinds of sketchy stuff. But I never found anything like what I described above. I don’t believe it exists. I don’t buy that there is such a thing as a “script kiddie”.

Either that or I really was a lamer who couldn’t even find a pre-written script to run.

To me, it seems like “script kiddie” is a made-up concept. I don’t believe that it’s as simple as running a simple script to break into a system, and I don’t believe that such a script would be published in public in a way that makes “kiddies” able to find and use them.

I think the term was coined by pissed-off system administrators whose systems had been compromised, and rather than blaming themselves, the developers or “actual intruders”, they make up this idea (possibly after watching the movie “Hackers”) of there being a bunch of little annoying early teenage kids sitting there mindlessly running scripts which cause havoc.

Basically, if it had been that easy to “auto-hack” systems, this would’ve been abused far more often and automated long ago. I recognize that I’m not the smartest person in the world, and that there are extremely smart 14-year-olds, but I don’t “buy” this whole concept. I think the “script kiddie” is a nonexistent scapegoat.

It’s much easier to blame “those damn kids who don’t even know how to code” than admit that you were accepting any username/password to your world-facing database due to an embarrassing misconfiguration.

How to do scrapings and whatever it is to make this thing work again

I can not get my campaign to work one bit. When I started I got links which were green but it came to a complete halt-now nothing. I can not get it to work because I have no idea how.

Is there anyone out there who can give me some vital key information just to get going, whether it trying to scrape a list or what, I have no idea how to do that and it’s pretty annoying.

I tried watching a video that showed me how to get urls with gsa but when I do it it doesn’t work.

The screenshot shows the part where I am talking about. For example I go to save the file in another location and after a while I’ll check and it says no urls have been saved. Do I have to save them externally or does gsa save them? I suppose this is what I have been trying to find out all day because if gsa saves them automatically then I wont even worry about saving for other campaigns as I don’t need them at this point. 

Is there such a thing as a “privacy helmet”? [closed]

I have given up the idea of ever talking people out of carrying around surveillance devices or to influence the global society to remove all these surveillance cameras, mics, sensors, etc. I no longer go outdoors at all. This is crippling me for obvious reasons.

In the last few years, I’ve been thinking about possible ways to avoid being tracked. Of course, I don’t have a surveillance unit myself, but that doesn’t help at all since everyone else does, and I cannot destroy all the cameras and mic and sensors without going to prison or worse. I need to somehow cover my face at the very least, although that still won’t help against walking style/body shape/clothes recognition…

Is there such a thing as “privacy helmet” which I can buy and put on my head which not only physically protects my head, but covers my entire head in such a way that I become impossible to identify, and which is comfortable to wear? I’m thinking that on the outside, it just looks like chrome or completely black with no logos or anything on it. Preferably, it should have an advanced cooling system so that it doesn’t become a chore to wear in the summer time, but rather has the added benefit of basically being a portable air conditioner.

Inside, it should either have some kind of one-way glass so that I can look out and see where I’m going (yet nobody can see my eyes/face from the outside), or possibly a digital screen showing a 360 view around me, allowing me to “look behind my back” without turning my head. However, it doesn’t need to be that high-tech, and it would be preferable if this contraption didn’t require any power (battery) for practical and cost reasons. However, it may be necessary for the active cooling and whatnot.

Of course, such a privacy helmet would likely be abused by violent and evil criminals, ruining my chances of buying and using one for privacy alone. (I have zero intentions of abusing this, whether anyone believes it or not.) Maybe it even is illegal to wear such a thing.

Frankly, it surprises me that I have never heard of such a thing. If it exists, it is not well advertised.

Why does two different ways of doing the same thing differ so much?


a = 1.0 i = 0 while a != 0: … a = a/2 … i = i+1 … print(a,i) The above program ended at i=1075(I know that ideally the while loop shouldn’t have ended, and the reason why it stopped was because of the memory limit of the computer). Now, look at the next program. a = 1.0 b = 1.0 i = 0 while a+b != b: … a = a/2 … i = i+1 … print(a,i) This program ended at i=53. Why is there a big difference here? Why does the first program go up to 1075 iterations, while the latter goes up to 53? Also, when I tried a+b+c!=b+c, it went till just 52, furthermore a+b+c+d!=b+c+d went till 51. Why isn’t there a big difference here?

If a creature polymorphs into something is it that thing?

A number of creatures have the Shapechanger trait with some variation of the phrasing:

Shapechanger. The [creature] can use it’s action to polymorph into [output] or back into it’s true form. Its statistics remain the same in each form. […]

where [creature] and [output] in the above text are meant to be replaced with the specific creature and what it turns into.

While in it’s shapeshifted form is it that thing?

For example:

  • Is a shifted Werewolf a Wolf in it’s Wolf form?
  • Is a Mimic an object in it’s object form?
  • Is a Succubus/Incubus a humanoid in it’s humanoid form?

am closed pretty much to solve laplace eq. but I need help with some thing

I have written the following Mathematica codes to solve the LAPLACE eq. using the finite differences method.

  In[1]:= Remove[a, b, Nx, Ny, h, xgrid, ygrid, u, i, j] a = 0; b = 0.5; n = 4; h = (b - a)/n; xgrid = Table[x[i] -> a + i h, {i, 1, n}]; ygrid = Table[y[j] -> a + j h, {j, 1, n}]; eqnstemplate = {-4 u[i, j] + u[i + 1, j] + u[i - 1, j] + u[i, j - 1] +       u[i, j + 1] == 0}; BC1 = Table[u[i, 0] == 0, {i, 1, n - 1}]; BC2 = Table[u[i, 4] == 200 x[i], {i, 1, n - 1}]; BC3 = Table[u[4, j] == 200 y[j], {j, 2, n - 1}]; BC4 = Table[u[0, j] == 0, {j, 2, n - 1}]; Eqns = Table[eqnstemplate, {i, 1, n - 1}, {j, 1, n - 1}] /. xgrid /.      ygrid // Flatten; systemEqns = Join[Eqns, BC1, BC2, BC3, BC4] /. xgrid /. ygrid   Out[12]= {u[0, 1] + u[1, 0] - 4 u[1, 1] + u[1, 2] + u[2, 1] == 0,   u[0, 2] + u[1, 1] - 4 u[1, 2] + u[1, 3] + u[2, 2] == 0,   u[0, 3] + u[1, 2] - 4 u[1, 3] + u[1, 4] + u[2, 3] == 0,   u[1, 1] + u[2, 0] - 4 u[2, 1] + u[2, 2] + u[3, 1] == 0,   u[1, 2] + u[2, 1] - 4 u[2, 2] + u[2, 3] + u[3, 2] == 0,   u[1, 3] + u[2, 2] - 4 u[2, 3] + u[2, 4] + u[3, 3] == 0,   u[2, 1] + u[3, 0] - 4 u[3, 1] + u[3, 2] + u[4, 1] == 0,   u[2, 2] + u[3, 1] - 4 u[3, 2] + u[3, 3] + u[4, 2] == 0,   u[2, 3] + u[3, 2] - 4 u[3, 3] + u[3, 4] + u[4, 3] == 0, u[1, 0] == 0,   u[2, 0] == 0, u[3, 0] == 0, u[1, 4] == 25., u[2, 4] == 50.,   u[3, 4] == 75., u[4, 2] == 50., u[4, 3] == 75., u[0, 2] == 0,   u[0, 3] == 0} 

I need this out put in matrix form just for the unknown variable with substituting the known value to get the linear system that arises from solving the laplacses eq.