Drizzle: a lighter MySQL
Drizzle: a lighter MySQL
Posted Jul 24, 2008 16:30 UTC (Thu) by louie (guest, #3285)In reply to: Drizzle: a lighter MySQL by jamesh
Parent article: Drizzle: a lighter MySQL
Unless you're djb, your software inevitably accrues features and picks up security problems as a result. So I would never rely on 'my software is more secure because it does less.'
Posted Jul 25, 2008 4:13 UTC (Fri)
by jamesh (guest, #1159)
[Link]
Drizzle: a lighter MySQL
It isn't so much doing less as compartmentalising the code. Programmers will make mistakes,
so doesn't it make sense to limit the damage that can occur when such a mistake is made?
If you have an SQL injection vulnerability, why does it have to be a data loss problem (if the
attacker can issue DROP TABLE) when it could just be information disclosure (and even that can
be limited).
And if we ignore the security aspect, restricting what an application can do can help pick up
programming errors. If you have a log analysis application, it might only need to read from a
set of tables and not write to any tables. Giving it only those permissions makes it obvious
if those expectations aren't met.