Drizzle: a lighter MySQL

Posted Jul 24, 2008 7:46 UTC (Thu) by jamesh (guest, #1159)
In reply to: Drizzle: a lighter MySQL by louie
Parent article: Drizzle: a lighter MySQL

There are varying levels at which an application can be compromised.  An attacker may work out
a way to run arbitrary SQL but not arbitrary code (an SQL injection attack).  In this case,
limiting what SQL can be executed will reduce the impact of the vulnerability even if the
database files are owned by the user running the application.


Drizzle: a lighter MySQL

Posted Jul 24, 2008 16:30 UTC (Thu) by louie (guest, #3285)

Unless you're djb, your software inevitably accrues features and picks up security problems as
a result. So I would never rely on 'my software is more secure because it does less.'

Drizzle: a lighter MySQL

Posted Jul 25, 2008 4:13 UTC (Fri) by jamesh (guest, #1159)

It isn't so much doing less as compartmentalising the code.  Programmers will make mistakes,
so doesn't it make sense to limit the damage that can occur when such a mistake is made?

If you have an SQL injection vulnerability, why does it have to be a data loss problem (if the
attacker can issue DROP TABLE) when it could just be information disclosure (and even that can
be limited)?

And if we ignore the security aspect, restricting what an application can do can help pick up
programming errors.  If you have a log analysis application, it might only need to read from a
set of tables and not write to any tables.  Giving it only those permissions makes it obvious
if those expectations aren't met.
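
The restriction discussed in the comment above, as an added example that is not part of the thread or of any project's code: a read-only log analysis connection where arbitrary SQL can read one table but cannot drop it, write to it, or read anything else. It uses SQLite's authorizer callback as a stand-in for server-side grants; the table names and rows are constructed for the example.

```python
import sqlite3

READABLE = {"access_log"}  # constructed: the only table the log analyser needs

def authorizer(action, arg1, arg2, dbname, source):
    """Permit SELECT, and column reads only on READABLE tables; deny the rest."""
    if action == sqlite3.SQLITE_SELECT:
        return sqlite3.SQLITE_OK
    if action == sqlite3.SQLITE_READ and arg1 in READABLE:  # arg1 is the table
        return sqlite3.SQLITE_OK
    return sqlite3.SQLITE_DENY

def open_restricted():
    """Build constructed sample data, then drop to read-only privileges."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE access_log (path TEXT, status INTEGER);
        CREATE TABLE accounts (name TEXT, secret TEXT);
        INSERT INTO access_log VALUES ('/index', 200), ('/report', 500);
        INSERT INTO accounts VALUES ('admin', 'constructed-secret');
    """)
    conn.set_authorizer(authorizer)  # every later statement is checked
    return conn

def attempt(conn, sql):
    """Run one statement; report whether the permission layer refused it."""
    try:
        return ("ok", conn.execute(sql).fetchall())
    except sqlite3.DatabaseError as exc:
        return ("denied", str(exc))

def demo():
    conn = open_restricted()
    return {
        # What the application is supposed to do.
        "read": attempt(conn, "SELECT path FROM access_log WHERE status >= 500"),
        # Statements an SQL injection flaw or a coding error might issue.
        "drop": attempt(conn, "DROP TABLE access_log"),
        "write": attempt(conn, "INSERT INTO access_log VALUES ('/x', 200)"),
        "other": attempt(conn, "SELECT secret FROM accounts"),
        # The data survives the refused statements.
        "still_there": attempt(conn, "SELECT path FROM access_log"),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The refused write is also the error-detection case from the comment: a code path that was never expected to modify data fails loudly instead of silently succeeding.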


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.