
Legacies of British Slavery

Year: 2025
Institution: UCL
Stack: PHP, MySQL, ORM, PHPUnit

Problem

The Legacies of British Slavery database was built in 2012 and had not been substantially updated since. The codebase relied on legacy custom PHP that built raw SQL queries inline throughout, leaving it exposed to SQL injection and other security vulnerabilities. The application had to remain available throughout the work: it receives millions of visitors a year and documents one of the largest historical datasets of British slave-owners ever compiled.

Approach

A full audit of the codebase identified every raw SQL query and every point where user input was handled unsafely. These were progressively replaced with an ORM layer, giving the data model a single, consistent and safe interface. A PHPUnit test suite was introduced to cover the core query logic, so that the large number of records (documented at ucl.ac.uk/lbs/project/details) could be verified to still retrieve correctly after each change. Security fixes were applied in parallel, addressing the injection risks and hardening input validation throughout.
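To make the before/after concrete, here is an added example (not code from the LBS project, whose ORM the page does not name): the 2012-style pattern of splicing user input into a SQL string, beside the same lookup as a parameterised query, plus the kind of regression check the test suite exists to run. It assumes PHP with the pdo_sqlite extension and uses an in-memory SQLite database with a constructed "owners" table so it runs offline; the real site uses MySQL, but the discipline shown (bound parameters instead of string-built SQL) is exactly what an ORM layer enforces on every query.

```php
<?php
// Added example, not the LBS project's code. Assumes PHP with pdo_sqlite.
// The table and rows below are constructed for the demonstration.
declare(strict_types=1);

function buildSchema(PDO $db): void
{
    $db->exec('CREATE TABLE owners (id INTEGER PRIMARY KEY, surname TEXT NOT NULL, forename TEXT)');
    $insert = $db->prepare('INSERT INTO owners (surname, forename) VALUES (?, ?)');
    // Constructed sample rows, not real LBS records.
    foreach ([['Smith', 'John'], ['Brown', 'Mary'], ['Clarke', 'Thomas']] as $row) {
        $insert->execute($row);
    }
}

// BEFORE: the pattern the audit targeted. The surname is concatenated into the
// SQL text, so a value of  ' OR '1'='1  turns the WHERE clause into a tautology
// and the query returns every row in the table.
function findOwnersUnsafe(PDO $db, string $surname): array
{
    $sql = "SELECT id, surname FROM owners WHERE surname = '" . $surname . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// AFTER: the same lookup through a prepared statement. The surname travels to
// the database as a bound parameter and is only ever compared as data; it can
// never alter the structure of the query.
function findOwnersSafe(PDO $db, string $surname): array
{
    $stmt = $db->prepare('SELECT id, surname FROM owners WHERE surname = :surname');
    $stmt->execute([':surname' => $surname]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Regression check of the kind a PHPUnit suite would carry for each query that
// was migrated: an ordinary lookup still finds its record, and an injection
// payload is treated as a literal surname that matches nothing.
function checkMigration(PDO $db): array
{
    $payload = "' OR '1'='1";
    $results = [
        'unsafe_rows_for_payload' => count(findOwnersUnsafe($db, $payload)),
        'safe_rows_for_payload'   => count(findOwnersSafe($db, $payload)),
        'safe_rows_for_brown'     => count(findOwnersSafe($db, 'Brown')),
    ];
    if ($results['safe_rows_for_payload'] !== 0) {
        throw new RuntimeException('parameterised query leaked rows for an injection payload');
    }
    if ($results['safe_rows_for_brown'] !== 1) {
        throw new RuntimeException('parameterised query no longer finds a known record');
    }
    return $results;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
buildSchema($db);

foreach (checkMigration($db) as $label => $count) {
    printf("%-24s %d\n", $label, $count);
}
```

Run it with `php example.php`. The unsafe lookup returns the whole table for the payload, which is the behaviour the audit set out to remove; the prepared-statement version returns nothing for the payload and exactly one row for a real surname, which is the property each migrated query should be pinned to in the test suite before the raw version is deleted.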

Outcome

The application was migrated to a modern, maintainable codebase without disruption to the live service. The ORM and test suite provide a foundation for future development, and the security vulnerabilities identified in the original 2012 code were resolved.