 LinuxQuestions.org Why I hate java

06-17-2006, 09:29 PM   #106
boredandblogging
Member

Registered: Jun 2006
Posts: 62

Rep:

Quote:
 Originally Posted by jonaskoelker Aha. I see. Much in the same way that Windows 95 *should not* bluescreen, yeah?
What's your point? It's not like any programming language automatically checks your input and makes sure it isn't malicious before sending it on to the database. The BSOD is what you get by allowing #1, trusting the programmer.

Last edited by boredandblogging; 06-17-2006 at 09:30 PM.

06-17-2006, 10:38 PM   #107
Senior Member

Registered: Jul 2004
Location: Denmark
Distribution: Ubuntu, Debian
Posts: 1,524

Original Poster
Rep:
Quote:
That there's a distinction to be made between what should be and what is. TBH, I don't know how bad a problem SQL injection is these days.

Quote:
 It's not like any programming language automatically checks your input and makes sure it isn't malicious before sending it on to the database.
Quite correct, because it can't--that would require the ability to read the programmer's/administrator's/... mind to determine what they think is malicious.

In a similar way, it's not like any compiler will (in full generality) test your code for the possibility of going BSOD: accepting that C and Turing machines are equivalent, and that moving to the next sequence point (more or less executing a statement) is equivalent to a transition in a Turing machine, here's a handy proof that ExecutesTransition and Halts are equivalent.

ExecutesTransition quite clearly also contains Halts, since we can just see if any of the halting transitions are executed (there are only a finite number). OTOH, Halts also includes ExecutesTransition, since we can create an altered Turing machine which is the original with the transition in question replaced by a halting transition, and all other halting transitions replaced by an infinite loop.

And we all know Halts to be unsolvable (if it was solvable, $R = RE$, but $SA \in RE \setminus R$).

So I don't see why the two are different.

Quote:
 The BSOD is what you get by allowing #1, trusting the programmer.
No, that is flat out wrong, and this is why: when I dual-booted between RH 6.2 and W98, RH 6.2 never crashed. W98 did.

Last edited by jonaskoelker; 06-17-2006 at 10:39 PM.

06-17-2006, 11:16 PM   #108
boredandblogging
Member

Registered: Jun 2006
Posts: 62

Rep:
Quote:
 Originally Posted by jonaskoelker No, that is flat out wrong, and this is why: when I dual-booted between RH 6.2 and W98, RH 6.2 never crashed. W98 did.
This is a joke, right? When I first tried Linux back in college (RH 4.2, which I bought on a CD for like \$39), I would get a kernel panic every time it tried to load my newfangled 3c905 ethernet card. I'm a gung-ho Linux user like everyone else around here, but let's not exaggerate.

06-18-2006, 08:18 AM   #109
Senior Member

Registered: Jul 2004
Location: Denmark
Distribution: Ubuntu, Debian
Posts: 1,524

Original Poster
Rep:
Quote:
 Originally Posted by boredandblogging This is a joke, right? When I first tried Linux back in college (RH 4.2)...
No, it's not a joke, it's my experience. You've had a different experience--great for you (or not so great, actually), but that doesn't change that I experienced what I experienced. Besides, you're talking about 4.2, I'm talking about 6.2, so they're not really comparable either.

Quote:
 let's not exaggerate.
Okay, here's a non-exaggeration: over the period in which RH6.2 was installed on my computer, RH6.2 didn't crash. Windows 98 did.

06-18-2006, 09:03 PM   #110
Michael_S
Member

Registered: Oct 2004
Location: Pennsylvania, USA
Distribution: Debian
Posts: 85

Rep:
Quote:
 Originally Posted by Crito You should have put the SQL in a PostgreSQL function/stored-proc IMHO. Allows the server to cache the query plan and reuse it, dramatically improving performance. Also hides the actual SQL making injection attacks almost impossible (unless you use dynamic SQL within the function/proc itself).
I've set up a few PostgreSQL PL/pgSQL functions - nothing particularly fancy - to simplify things. But I didn't know Postgres could cache the query plan and reuse it.

I'll have to read up on that.

To be perfectly honest, I hadn't given any thought to SQL injection attacks. Our security issue is much simpler than that. The system has nearly 250 users with administrative logins, and almost all of our users are not technically savvy. When we go on site to check the system status, the bare handful of users that don't use ridiculous passwords like "password1" tend to have their passwords taped to the monitor on a post-it note. We don't have any financially valuable data in the system, but the only thing preventing a script kiddie from getting admin access and posting the whole database on the internet is the fact that we're still too small to get much attention.

In my experience, if Linux crashes you have a hardware or driver problem. I think everyone has seen Windows 95, 98, and ME crash frequently. I've seen periodic crashes on NT, 2000, XP, and 2003 too - but they're all several orders of magnitude more stable than the Windows 9x versions.
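
An added example, not posted by anyone in this thread, of the distinction in Crito's quoted remark: a PL/pgSQL function with static SQL, one that builds dynamic SQL by concatenation, and one that uses dynamic SQL with bound values. The `app_user` table, the function names and the sample rows are constructed for illustration.

```sql
-- Constructed schema and rows for illustration; not taken from the thread.
CREATE TABLE app_user (
    id       serial PRIMARY KEY,
    username text NOT NULL UNIQUE
);
INSERT INTO app_user (username) VALUES ('alice'), ('O''Brien');

-- 1. Static SQL: p_name is bound as a value and is never parsed as SQL.
--    PL/pgSQL prepares this statement on first use and can reuse its plan
--    for the rest of the session (the plan caching Crito refers to).
CREATE FUNCTION find_user_static(p_name text)
RETURNS SETOF app_user LANGUAGE plpgsql STABLE AS $$
BEGIN
    RETURN QUERY SELECT * FROM app_user WHERE username = p_name;
END;
$$;

-- 2. Dynamic SQL built by concatenation: the exception Crito mentions.
--    p_name becomes part of the statement text, so the caller's input is
--    parsed as SQL. Statements run through EXECUTE are also re-planned on
--    every call. Shown only as the pattern to avoid.
CREATE FUNCTION find_user_dynamic_unsafe(p_name text)
RETURNS SETOF app_user LANGUAGE plpgsql STABLE AS $$
BEGIN
    RETURN QUERY EXECUTE
        'SELECT * FROM app_user WHERE username = ''' || p_name || '''';
END;
$$;

-- 3. Dynamic SQL when it is really needed (here: a caller-chosen sort column).
--    Values are passed with USING; identifiers are quoted with format('%I').
CREATE FUNCTION find_user_dynamic_safe(p_sort_col text, p_name text)
RETURNS SETOF app_user LANGUAGE plpgsql STABLE AS $$
BEGIN
    RETURN QUERY EXECUTE
        format('SELECT * FROM app_user WHERE username = $1 ORDER BY %I', p_sort_col)
        USING p_name;
END;
$$;

-- Constructed input: an ordinary name containing an apostrophe.
SELECT * FROM find_user_static('O''Brien');
SELECT * FROM find_user_dynamic_safe('username', 'O''Brien');
-- In the concatenating version the apostrophe closes the string literal early,
-- so PostgreSQL parses the remainder of the name as SQL text.
SELECT * FROM find_user_dynamic_unsafe('O''Brien');
```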

 Tags article, java
