Dailydave mailing list archives

Re: Databases are too easy.


From: "Dave Korn" <dave.korn () artimi com>
Date: Tue, 10 Oct 2006 19:52:30 +0100

On 10 October 2006 15:29, ET LoWNOISE wrote:

> On Mon, 9 Oct 2006, Dave Aitel wrote:
>
> > http://developer.mozilla.org/en/docs/Storage
> >
> > One of the things people do is they "innovate" by adding a database to
> > everything. It's like this:
> >
> > 1. Problem
> > 2. Problem + Database
> > 3. SOLVED!

  You left out step 4!

> To "innovate" doesn't mean to solve a problem, in addition considering how
> programming languages are, then we can say that any programming language is
> dumb just because they are "simple" (and simple is gooood).
>
> If someone can't afford AI, and adding a DB solves the problem, then what's
> the issue if it's all well and good?

  Randomly adding complex and unpredictable features left right and center is
*the* big issue at the heart of the utter fiasco disaster
slow-motion-trainwreck that we currently call "computer security".  Who would
have thought an email could infect your computer?  Nobody, until M$ added all
that active content: flashy bells and whistles that don't provide any
life-or-death new features, just bloat and vulnerability.  For many, many
people, the cost-benefit ratio there is completely off the scale - major
costs, no benefits, 1/0 == infinitely bad decision.  Who would have thought
browsing a webpage could launch random other applications on your computer?
Nobody, until Microsoft decided to let IE launch office applications, and
invoke media player, and whatever else.  All in the name of providing a
"feature-rich" and "user-friendly" environment.

  So, adding a DB solves *a* problem in *a* situation.  Great.  But what is
the cost side of this?  I'll eat my hat if somewhere down the line we don't
see websites being able to do SQL injection into clients' browsers and thence
own the machine.  When databases are already known to be big, vulnerable,
difficult-to-secure applications, strewing them randomly about the place into
existing applications seems like a hyper-risky idea to me.

    cheers,
      DaveK
-- 
Can't think of a witty .sigline today....

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave