Dailydave mailing list archives
Re: Databases are too easy.
From: "Dave Korn" <dave.korn () artimi com>
Date: Tue, 10 Oct 2006 19:52:30 +0100
On 10 October 2006 15:29, ET LoWNOISE wrote:
On Mon, 9 Oct 2006, Dave Aitel wrote:http://developer.mozilla.org/en/docs/Storage One of the things people do is they "innovate" by adding a database to everything. It's like this: 1. Problem 2. Problem + Database 3. SOLVED!
You left out step 4!
To "innovate" doesnt mean to solve a problem, in addition considering how programing languages are, then we can say that any programing language is dumb just because they are "simple" (and simple is gooood). If someone can't afford AI, and adding a DB solves the problem, then whats the issue if its all well and good?.
Randomly adding complex and unpredictable features left right and center is *the* big issue at the heart of the utter fiasco disaster slow-motion-trainwreck that we currently call "computer security". Who would have thought an email could infect your computer? Nobody, until M$ added all that active content: flashy bells and whistles that don't provide any life-or-death new features, just bloat and vulnerability. For many, many people, the cost-benefit ratio there is completely off the scale - major costs, no benefits, 1/0 == infinitely bad decision. Who would have thought browsing a webpage could launch random other applications on your computer? Nobody, until microsoft decided to let IE launch office applications, and invoke media player, and whatever else. All in the name of providing a "feature-rich" and "user-friendly" environment. So, adding a DB solves *a* problem in *a* situation. Great. But what is the cost side of this? I'll eat my hat if somewhere down the line we don't see websites being able to do SQL injection into clients' browsers and thence own the machine. When databases are already known to be big, vulnerable, difficult-to-secure applications, strewing them randomly about the place into existing applications seems like a hyper-risky idea to me. cheers, DaveK -- Can't think of a witty .sigline today.... _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Databases are too easy. Dave Aitel (Oct 09)
- Re: Databases are too easy. ET LoWNOISE (Oct 10)
- Re: Databases are too easy. Dave Korn (Oct 10)
- Re: Databases are too easy. Thor Larholm (Oct 10)
- Re: Databases are too easy. Brian Caswell (Oct 10)
- Re: Databases are too easy. Dave Korn (Oct 10)
- Re: Databases are too easy. Paul Melson (Oct 10)
- Re: Databases are too easy. Daniele Muscetta (Oct 11)
- Re: Databases are too easy. ET LoWNOISE (Oct 10)