| From | Rich <rich@example.invalid> |
|---|---|
| Newsgroups | comp.misc |
| Subject | Re: nosql systems fall for some of the same old traps |
| Date | 2015-11-13 12:36 +0000 |
| Organization | My Linux Box |
| Message-ID | <n24lgq$od9$1@dont-email.me> |
| References | <dalm90F90tfU1@mid.individual.net> |
RS Wood <rsw@therandymon.com> wrote:
> http://www.theregister.co.uk/2015/11/13/nosql_security_new_generation/
> NoSQL: Injection vaccination for a new generation
> This future architecture still falls into some of the same old traps
> //--clip
> ...
> NoSQL is, or was meant to be (you pick) the future architecture, an
> opportunity, almost, to start afresh. Given that and with the wealth of
> knowledge that's amassed from decades of SQL, you'd think NoSQL
> databases and systems wouldn't fall into the same traps as the previous
> generations of RDBM systems.
> //--clip

Obviously written by a reporter, not by a programmer.

SQL injection attacks are the result of failing to treat data from "outside" as possibly malicious until it is defanged. The failure has nothing to do with SQL, or even with the connected database. It is the code that interfaces between the DB and the world. That interface code exists, no matter the backing database. And as long as some programmer writes that code assuming that all input data is only ponies and unicorns, these issues will continue to occur.
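An added illustration of the point made in the post above (not part of the original message or thread): the same interface-layer mistake with no SQL involved, shown beside a version that checks outside data before use. The `USERS` list, the `match` helper (a stand-in that models only a MongoDB-style `$ne` operator) and all function names are hypothetical, and the request bodies are constructed samples.

```python
import json

# Constructed sample data: an in-memory "collection" standing in for a document store.
USERS = [{"user": "alice", "password": "s3cret"}]

def match(doc, flt):
    """Hypothetical stand-in for a document-store filter:
    a scalar means equality, a dict is an operator expression ($ne only)."""
    for field, cond in flt.items():
        if isinstance(cond, dict):
            for op, arg in cond.items():
                if op != "$ne":
                    raise ValueError(f"unsupported operator {op}")
                if doc.get(field) == arg:
                    return False
        elif doc.get(field) != cond:
            return False
    return True

def find_user(flt):
    return next((d for d in USERS if match(d, flt)), None)

def login_trusting(body):
    """Interface code that assumes well-behaved input:
    parsed JSON values go straight into the filter, whatever their type."""
    req = json.loads(body)
    return find_user({"user": req["user"], "password": req["password"]}) is not None

def login_validated(body):
    """Same lookup, but outside data must be plain strings before it is used."""
    req = json.loads(body)
    if not isinstance(req, dict):
        raise ValueError("body must be a JSON object")
    user, password = req.get("user"), req.get("password")
    if not isinstance(user, str) or not isinstance(password, str):
        raise ValueError("user and password must be strings")
    return find_user({"user": user, "password": password}) is not None

# Constructed request bodies.
GOOD = '{"user": "alice", "password": "s3cret"}'
WRONG = '{"user": "alice", "password": "guess"}'
STRUCTURED = '{"user": "alice", "password": {"$ne": ""}}'  # value is an object, not a string

if __name__ == "__main__":
    for name, body in (("GOOD", GOOD), ("WRONG", WRONG), ("STRUCTURED", STRUCTURED)):
        print(name, "trusting:", login_trusting(body))
```

The structured body is accepted by `login_trusting` because the filter layer interprets the object as a condition rather than a value; `login_validated` rejects it before any lookup happens.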
nosql systems fall for some of the same old traps RS Wood <rsw@therandymon.com> - 2015-11-13 11:45 +0300
Re: nosql systems fall for some of the same old traps Rich <rich@example.invalid> - 2015-11-13 12:36 +0000
Re: nosql systems fall for some of the same old traps Sylvia Else <sylvia@not.at.this.address> - 2015-11-16 18:52 +1100