Penetration Testing mailing list archives

Re: Cisco LEAP

From: johnadams <johnadams () apple com>
Date: Mon, 3 Nov 2003 12:56:20 -0800


On Monday, November 3, 2003, at 11:59 AM, Rob Shein wrote:

It's not a question of peak performance as much as consistency. Flatfilesaren't meant to work this way; that's largely why databaseapplications workthe way they do in the first place. If something like paging competesfordrive access just long enough, the whole thing can go to hell. Whenyou'reopening a graphic or text file completely into memory to view or editit?For that, sure, a flat file is faster. But when you're streamingthrough aflat file that's dozens of gigs in size, over an extended period oftimewhile running the data into a memory and processor-intensive programat thesame time? Try it, and just see how quickly that works over thelength of
the entire file compared to a database :)

The real issue here is the right tool for the job -- we're talkingabout a file with many passwords in it, which ostensibly would be undera few megabytes in size. You could mmap() the entire thing into memoryand get consistent access without the use of a database. Memory ischeap these days.

One thing that I see much of in software design is an overwhelmingdesire to put everything into a database with complete disregard forperformance,

I used to work at Inktomi, and we used very little in the way ofdatabases to hold massive datasets (all web pages on the Internet.) Weavoided databases for performance reasons, and saw serious gainsbecause of customized code that read flat files filled with structures.

I guess the thing to remember here is that eventually the database hasto write your data out to disk, and when that happens, it'll be placedon the disk in a file, using an fwrite() and a modicum of indexes intothe data. Even programs like mysql eventually write their data out asBerkeleyDB files.


-john
(posting far outside the scope of pen-test now)


---------------------------------------------------------------------------
Network with over 10,000 of the brightest minds in information security
at the largest, most highly-anticipated industry event of the year.
Don't miss RSA Conference 2004! Choose from over 200 class sessions and
see demos from more than 250 industry vendors. If your job touches
security, you need to be here. Learn more or register at
http://www.securityfocus.com/sponsor/RSA_pen-test_031023
and use priority code SF4.
----------------------------------------------------------------------------

Current thread:

RE: Cisco LEAP Rob Shein (Nov 03)
- Re: Cisco LEAP johnadams (Nov 03)
  - RE: Cisco LEAP Rob Shein (Nov 04)
    - Re: Cisco LEAP johnadams (Nov 04)
    - RE: Cisco LEAP Rob Shein (Nov 04)
- <Possible follow-ups>
- RE: Cisco LEAP SILES,RAUL (HP-Spain,ex1) (Nov 03)
- Re: Cisco LEAP Anders Thulin (Nov 12)