From: RS Wood
Newsgroups: comp.misc
Subject: nosql systems fall for some of the same old traps
Date: Fri, 13 Nov 2015 11:45:20 +0300

http://www.theregister.co.uk/2015/11/13/nosql_security_new_generation/

NoSQL: Injection vaccination for a new generation
This future architecture still falls into some of the same old traps

//--clip
We are becoming more and more accustomed to reading about losses of online data through malicious hack attacks, accidents, and downright carelessness – it’s almost as if we don’t know how to secure data against the most common form of attack.

Of course, that isn’t really true as best practice, legislation, and education on the matter are easy to come by, from a variety of sources.

Yet we continue to see common attacks being repeated, with SC Magazine reporting recently that 100,000 customers were compromised by SQL injection. Then, last year it was reported that the Wall Street Journal was vulnerable to the same security breach.

NoSQL is, or was meant to be (you pick) the future architecture, an opportunity, almost, to start afresh. Given that and with the wealth of knowledge that's amassed from decades of SQL, you'd think NoSQL databases and systems wouldn’t fall into the same traps as the previous generations of RDBM systems.
//--clip