Re: Database Selection


smarlowe@xxxxxxxxxxxxxxxxx (Scott Marlowe) writes:
> About the security thing.  Security is a process, and you won't get
> it from using two different database engines.

I'd argue that security is an "emergent property" which is either
supported by or undermined by particular
facts/features/configurations.

It's not something you can have; instead, conditions may either:
 a) Leave you vulnerable to particular attacks, or
 b) Protect you from particular attacks.

"Being secure" means that you have done an analysis of some set of
attacks and relevant vulnerabilities, and verified that your
conditions provide protection against those attacks.

Having multiple databases around would protect certain
vulnerabilities; whether they are *relevant* is a whole other
matter.

The notion of having a mental model of what security is, that's
something I'd consider vitally important.  If you can't articulate
some sort of model that involves the notions of:
 - Attacks, vulnerabilities, and protection against such
 - Having some classification of kinds of possible attacks
then I don't think it's possible to articulate that there is any
resultant security.  

You might be secure, for some definition thereof, but if you can't
articulate that definition...
-- 
output = ("cbbrowne" "@" "acm.org")
http://cbbrowne.com/info/security.html
Friends help you move. Real friends help you move bodies. 

