LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 24, 2012

A uTouch architecture introduction

LWN.net Weekly Edition for May 17, 2012

Tasting the Ice Cream Sandwich

Highlights from the PostgreSQL 9.2 beta

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Drizzle: a lighter MySQL

Drizzle: a lighter MySQL

Posted Jul 25, 2008 4:13 UTC (Fri) by jamesh (subscriber, #1159)
In reply to: Drizzle: a lighter MySQL by louie
Parent article: Drizzle: a lighter MySQL 

It isn't so much doing less as compartmentalising the code.  Programmers will make mistakes,
so doesn't it make sense to limit the damage that can occur when such a mistake is made?

If you have an SQL injection vulnerability, why does it have to be a data loss problem (if the
attacker can issue DROP TABLE) when it could just be information disclosure (and even that can
be limited).

And if we ignore the security aspect, restricting what an application can do can help pick up
programming errors.  If you have a log analysis application, it might only need to read from a
set of tables and not write to any tables.  Giving it only those permissions makes it obvious
if those expectations aren't met.

(Log in to post comments)

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds