Trust But Verify


Steve Jones
Comments posted to this topic are about the item Trust But Verify

Follow me on Twitter: @way0utwest
Forum Etiquette: How to post data/code on a forum to get the best help
My Blog: www.voiceofthedba.com
thierry.vandurme
I like CLR! Imagine all the possibilities...
I don't like CLR! Imagine all the possibilities...
Dave Poole
thierry.vandurme - Tuesday, December 18, 2018 1:21 AM
I like CLR! Imagine all the possibilities...
I don't like CLR! Imagine all the possibilities...


http://www.sqlservercentral.com/stairway/105855/ dispels most of the myths

LinkedIn Profile
www.simple-talk.com
Dave Poole
When building a Hadoop stack we ran into a lot of problems with different versions of the components not talking to each other. That is why Hortonworks, Cloudera and MapR exist, to provide the guaranteed version matching of the disparate components.

In terms of upgrading anything in the Hadoop stack we took the approach of having a local repository. This meant that the stack was always built from known, tested versions of the software in the local environment and not from whatever was most current from the internet.
As a separate repo we DID pull the latest stuff from the internet and this went through a rigorous testing cycle to ensure that version compatibility issues were thrashed out, penetration testing was done etc. Only when all this was done would the contents downloaded from external sources be allowed into the local repository. This also reduced the attack surface area as the number of routes and ports to the main system could be greatly reduced.
I don't know if this approach can be taken with Node.JS but I would be surprised if it couldn't.

LinkedIn Profile
www.simple-talk.com
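
The promotion gate between the "latest from the internet" repo and the local repository described in the post above, as an added example that is not part of the original thread. The function names, directory names and `component-*.tgz` files are hypothetical, and the approved list is assumed to be a mapping of file name to the SHA-256 digest recorded when testing was signed off.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash in chunks so large artifacts need not fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def promote(quarantine: Path, local_repo: Path, approved: dict) -> dict:
    """Copy into local_repo only artifacts whose name and SHA-256 are approved."""
    local_repo.mkdir(parents=True, exist_ok=True)
    outcome = {}
    for artifact in sorted(p for p in quarantine.iterdir() if p.is_file()):
        expected = approved.get(artifact.name)
        if expected is None:
            outcome[artifact.name] = "rejected: not on approved list"
        elif sha256_of(artifact) != expected:
            outcome[artifact.name] = "rejected: digest mismatch"
        else:
            shutil.copy2(artifact, local_repo / artifact.name)
            outcome[artifact.name] = "promoted"
    return outcome


def demo() -> tuple:
    """Constructed sample: three fake artifacts, one altered after testing."""
    with tempfile.TemporaryDirectory() as tmp:
        quarantine, repo = Path(tmp, "quarantine"), Path(tmp, "local-repo")
        quarantine.mkdir()
        a, b, c = (quarantine / f"component-{n}.tgz" for n in ("a-1.2.0", "b-3.1.4", "c-0.9.0"))
        a.write_bytes(b"tested build of a")
        b.write_bytes(b"tested build of b")
        c.write_bytes(b"never went through testing")
        # Digests recorded at sign-off (constructed here); c was never approved.
        approved = {a.name: sha256_of(a), b.name: sha256_of(b)}
        # Simulate b's content changing upstream after it was tested.
        b.write_bytes(b"altered build of b")
        return promote(quarantine, repo, approved), sorted(p.name for p in repo.iterdir())


if __name__ == "__main__":
    print(demo())
```

The digest check only guarantees that what reaches the local repository is byte-identical to what was tested; the testing itself still has to happen before a digest goes on the approved list.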
thierry.vandurme
David.Poole - Tuesday, December 18, 2018 1:38 AM
thierry.vandurme - Tuesday, December 18, 2018 1:21 AM
I like CLR! Imagine all the possibilities...
I don't like CLR! Imagine all the possibilities...


http://www.sqlservercentral.com/stairway/105855/ dispels most of the myths

Thanks Dave. Did some testing in the past and I was able to gain sysadmin permissions. If I remember correctly (been a while), I ran sqlcmd -E from within my CLR procedure, gaining access to SQL under its service account.
I'm very wary of it, especially if it's untrusted 3rd party components for which we don't have the code.

Rod
We use NuGet a lot for .NET development. Love it. We've talked about setting up a NuGet server, so we could deploy our own packages in-house. I know this is a bit off-topic, but where I work now my boss doesn't like to use third party tool suites, like Telerik. He'd rather we rolled our own. Guess he must have been bit in the past with some third party toolkit.

Kindest Regards, Rod
Connect with me on LinkedIn.
t.ovod-everett

One of the seminal papers on this is Ken Thompson's "Reflections on Trusting Trust". https://www.archive.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf
It sends a shiver up my spine every time I read it, but there has been a lot of interesting stuff written about it in the past 34 years, so I recommend doing some Googling and reading!

