14 posts, Page 1 of 2
Data We Don't Want
Steve Jones - SSC Editor
Posted Monday, March 04, 2013 9:52 PM
Comments posted to this topic are about the item Data We Don't Want
Follow me on Twitter:
@way0utwest
Forum Etiquette: How to post data/code on a forum to get the best help
Post #1426589
paul.knibbs
Posted Tuesday, March 05, 2013 12:35 AM
I could be really smug because I always use Firefox, but instead I'll allow myself to be gobsmacked that such an obvious flaw has made it into three major browsers. Who audits the code for these things?
Post #1426619
Gary Varga
Posted Tuesday, March 05, 2013 4:45 AM
Steve Jones - SSC Editor (3/4/2013)
<snip/>This makes me want to re-architect the way we build data-driven applications in the future, to prevent this type of vandalism. Maybe building an application-level firewall that proxies all access to a database server. The idea of application servers was very popular a decade ago, but it seems few systems actually implemented this type of architecture. Perhaps this is because the web server/database server pairing is such an easy paradigm to build for most developers.<snip/>
A lot of Enterprise developers, whose number I less than humbly count myself amongst, would love to properly architect and implement such systems. Often it is driven from above, with the rapid and cheaper development options chosen. Sure, there are those developers who don't think like this, and quite often they are the so-called "web developers". Bearing in mind the dangers of generalisations, a lot of these developers come from a graphics/web design background or perhaps "the business" and don't see the value of software engineering. From a certain point of view, the economics of software engineering does not stack up...until things go wrong.
Often the cost of application frameworks is high, not "out of the box" (which often cost enough in the first place), and there are very few people with expertise in these frameworks.
As always, we should be raising the level of abstraction of our frameworks to make leverage of them more cost effective. Unfortunately, we still have yet to make logging, performance monitoring and suchlike work straight out of the box, perhaps straight out of each language, and built in through minor configuration only. Until we do this we will still be delivering a lower level of quality and have no hope for the level of maturity of applications suggested.
Gaz
-- Stop your grinnin' and drop your linen...they're everywhere!!!
Post #1426749
Eric M Russell
Posted Tuesday, March 05, 2013 6:35 AM
paul.knibbs (3/5/2013)
I could be really smug because I always use Firefox, but instead I'll allow myself to be gobsmacked that such an obvious flaw has made it into three major browsers. Who audits the code for these things?
Firefox does support HTML5 Storage; are you sure it's implemented in a way that's safer than IE and Chrome? Go to the website Steve mentioned in his article and see.
"Wise people understand the 10,000 things without going to each one.
They know them without having to look at each one,
and they transform all without acting on each one." - The Tao Te Ching: Verse 47
Post #1426787
paul.knibbs
Posted Tuesday, March 05, 2013 6:39 AM
Eric M Russell (3/5/2013)
Firefox does support HTML5 Storage; are you sure it's implemented in a way that's safer than IE and Chrome? Go to the website Steve mentioned in his article and see.
The Ars Technica article that Steve linked to (which describes the exploit in more detail) says this:
"Of the browsers Aboukhadijeh tested, only Mozilla Firefox capped the download amount."
If the people who actually created the exploit say it's implemented in a safer way, I'm inclined to agree with them...
Post #1426791
Eric M Russell
Posted Tuesday, March 05, 2013 6:39 AM
That's a denial-of-service type attack that I hadn't expected, but it is an interesting attack vector. I wouldn't expect this to impact servers, but if servers are consuming web services and using controls based on browsers, there is the possibility this type of attack might affect them. I'd hope this were limited to web servers and not impact database servers, but it's certainly a concern if you have processes running on your database server that might retrieve data from a remote source.
It's probably a good idea to use IPSec and a firewall on application or database servers to disallow browsing of external IP addresses.
"Wise people understand the 10,000 things without going to each one.
They know them without having to look at each one,
and they transform all without acting on each one." - The Tao Te Ching: Verse 47
Post #1426792
andyw-834405
Posted Tuesday, March 05, 2013 7:32 AM
If FillDisk.com is a malicious site, why is it hyper-linked in your editorial?
Post #1426827
Gary Varga
Posted Tuesday, March 05, 2013 8:04 AM
andyw-834405 (3/5/2013)
If FillDisk.com is a malicious site, why is it hyper-linked in your editorial?
...searching for the IT variation of a Darwin Award winner?
Gaz
-- Stop your grinnin' and drop your linen...they're everywhere!!!
Post #1426851
SQLRNNR
Posted Tuesday, March 05, 2013 8:25 AM
paul.knibbs (3/5/2013)
... I'll allow myself to be gobsmacked that such an obvious flaw has made it into three major browsers. Who audits the code for these things?
+1
Jason
AKA CirqueDeSQLeil
I have given a name to my pain...
MCM SQL Server 2008
SQL RNNR
Posting Performance Based Questions - Gail Shaw
Posting Data Etiquette - Jeff Moden
Hidden RBAR - Jeff Moden
VLFs and the Tran Log - Kimberly Tripp
Post #1426864
andyw-834405
Posted Tuesday, March 05, 2013 8:44 AM
Gary Varga (3/5/2013)
andyw-834405 (3/5/2013)
If FillDisk.com is a malicious site, why is it hyper-linked in your editorial?
...searching for the IT variation of a Darwin Award winner?
Wow, that was uncalled for...
Post #1426871
Copyright © 2002-2013 Simple Talk Publishing. All Rights Reserved.