LinuxQuestions.org
Old 06-17-2006, 09:29 PM   #106
boredandblogging
Member
 
Registered: Jun 2006
Posts: 62

Rep: Reputation: 15

Quote:
Originally Posted by jonaskoelker
Aha. I see. Much in the same way that windows 95 *should not* bluescreen, yeah?
What's your point? It's not like any programming language automatically checks your input and makes sure it isn't malicious before sending it on to the database. The BSOD is what you get by allowing #1, trusting the programmer.

Last edited by boredandblogging; 06-17-2006 at 09:30 PM.
 
Old 06-17-2006, 10:38 PM   #107
jonaskoelker
Senior Member
 
Registered: Jul 2004
Location: Denmark
Distribution: Ubuntu, Debian
Posts: 1,524

Original Poster
Rep: Reputation: 46
Quote:
What's your point?
That there's a distinction to be made between what should be and what is. TBH, I don't know how bad a problem SQL injection is these days.

Quote:
It's not like any programming language automatically checks your input and makes sure it isn't malicious before sending it on to the database.
Quite correct, because it can't--that would require the ability to read the programmer's/administrator's/... mind to determine what they think is malicious.

In a similar way, it's not like any compiler will (in full generality) test your code for the possibility of going BSOD: accepting that C and Turing machines are equivalent, and that moving to the next sequence point (more or less executing a statement) is equivalent to a transition in a Turing machine, here's a handy proof that ExecutesTransition and Halts are equivalent.

ExecutesTransition quite clearly also contains Halts, since we can just see if any of the halting transitions are executed (there are only a finite number). OTOH, Halts also includes ExecutesTransition, since we can create an altered Turing machine which is the original with the transition in question replaced by a halting transition, and all other halting transitions replaced by an infinite loop.

And we all know Halts to be unsolvable (if it was solvable, $R = RE$, but $SA \in RE \setminus R$).

So I don't see why the two are different.

Quote:
The BSOD is what you get by allowing #1, trusting the programmer.
No, that is flat out wrong, and this is why: when I dual-booted between RH 6.2 and W98, RH 6.2 never crashed. W98 did.

Last edited by jonaskoelker; 06-17-2006 at 10:39 PM.
 
Old 06-17-2006, 11:16 PM   #108
boredandblogging
Member
 
Registered: Jun 2006
Posts: 62

Rep: Reputation: 15
Quote:
Originally Posted by jonaskoelker
No, that is flat out wrong, and this is why: when I dual-booted between RH 6.2 and W98, RH 6.2 never crashed. W98 did.
This is a joke, right? When I first tried Linux back in college (RH 4.2, which I bought on a CD for like $39), I would get a kernel panic every time it tried to load my newfangled 3c905 ethernet card. I'm a gung-ho Linux user like everyone else around here, but let's not exaggerate.
 
Old 06-18-2006, 08:18 AM   #109
jonaskoelker
Senior Member
 
Registered: Jul 2004
Location: Denmark
Distribution: Ubuntu, Debian
Posts: 1,524

Original Poster
Rep: Reputation: 46
Quote:
Originally Posted by boredandblogging
This is a joke, right? When I first tried Linux back in college (RH 4.2)...
No, it's not a joke, it's my experience. You've had a different experience--great for you (or not so great, actually), but that doesn't change that I experienced what I experienced. Besides, you're talking about 4.2, I'm talking about 6.2, so they're not really comparable either.

Quote:
let's not exaggerate.
Okay, here's a non-exaggeration: over the period in which RH6.2 was installed on my computer, RH6.2 didn't crash. Windows 98 did.
 
Old 06-18-2006, 09:03 PM   #110
Michael_S
Member
 
Registered: Oct 2004
Location: Pennsylvania, USA
Distribution: Debian
Posts: 78

Rep: Reputation: 23
Quote:
Originally Posted by Crito
You should have put the SQL in a PostgreSQL function/stored-proc IMHO. Allows the server to cache the query plan and reuse it, dramatically improving performance. Also hides the actual SQL making injection attacks almost impossible (unless you use dynamic SQL within the function/proc itself).
I've set up a few PostgreSQL PL/pgSQL functions - nothing particularly fancy - to simplify things. But I didn't know Postgres could cache the query plan and reuse it.

I'll have to read up on that.

To be perfectly honest, I hadn't given any thought to SQL injection attacks. Our security issue is much simpler than that. The system has nearly 250 users with administrative logins, and almost all of our users are not technically savvy. When we go on site to check the system status, the bare handful of users that don't use ridiculous passwords like "password1" tend to have their passwords taped to the monitor on a post-it note. We don't have any financially valuable data in the system, but the only thing preventing a script kiddie from getting admin access and posting the whole database on the internet is the fact that we're still too small to get much attention.

PS jonaskoelker and boredandblogging:
In my experience, if Linux crashes you have a hardware or driver problem. I think everyone has seen Windows 95, 98, and ME crash frequently. I've seen periodic crashes on NT, 2000, XP, and 2003 too - but they're all several orders of magnitude more stable than the Windows 9x versions.
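
The caveat in the advice quoted in the post above (static SQL in a function versus dynamic SQL inside it), as an added PL/pgSQL example that is not code from any poster in this thread. The table `app_user` and all three function names are constructed for illustration.

```sql
-- Constructed sample data (not from the thread).
CREATE TABLE app_user (login text PRIMARY KEY, email text NOT NULL);
INSERT INTO app_user VALUES ('o''brien', 'obrien@example.test');

-- 1. Static SQL: p_login is always bound as a value and never parsed as SQL.
--    PL/pgSQL prepares this statement and can reuse its plan within a session.
CREATE FUNCTION user_email_static(p_login text) RETURNS text
LANGUAGE plpgsql STABLE AS $$
DECLARE v_email text;
BEGIN
    SELECT email INTO v_email FROM app_user WHERE login = p_login;
    RETURN v_email;
END;
$$;

-- 2. Dynamic SQL by concatenation: the "unless" case. The argument becomes
--    part of the statement text, so an apostrophe in p_login ends the literal
--    early and whatever follows it is parsed as SQL. EXECUTE is also
--    re-planned on every call, so the plan-reuse benefit is lost as well.
CREATE FUNCTION user_email_concat(p_login text) RETURNS text
LANGUAGE plpgsql STABLE AS $$
DECLARE v_email text;
BEGIN
    EXECUTE 'SELECT email FROM app_user WHERE login = ''' || p_login || ''''
        INTO v_email;
    RETURN v_email;
END;
$$;

-- 3. Dynamic SQL when it is really needed (here: a caller-chosen column).
--    Identifiers go through format('%I'), values through USING placeholders.
CREATE FUNCTION user_field(p_column text, p_login text) RETURNS text
LANGUAGE plpgsql STABLE AS $$
DECLARE v_value text;
BEGIN
    EXECUTE format('SELECT %I::text FROM app_user WHERE login = $1', p_column)
        INTO v_value
        USING p_login;
    RETURN v_value;
END;
$$;

-- The same harmless login, apostrophe included, passed to each variant.
SELECT user_email_static('o''brien');
SELECT user_email_concat('o''brien');
SELECT user_field('email', 'o''brien');
```

Run the three calls one at a time: the concatenating variant cannot even handle a legitimate name containing an apostrophe, which is the quickest way to spot this pattern when reviewing existing functions.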
 
  

