Tuesday, April 20, 2010

NoSQL More Secure?

This is just a theory, but could the current "NoSQL" solutions provide a more secure data storage solution than a relational database? Now, I don't know what type of authentication all of them have. It seems like they have little to none, however I'm approaching this from a different perspective.

SQL injection attacks are some of the most widespread attacks that have occurred in recent years. These attacks are typically carried out through a web site's input forms or perhaps a modification of the parameters in a URL.

NoSQL solutions, however, do not use SQL, therefore these attacks wouldn't work on these types of data stores. Any "queries" that are performed are most likely done in code with perhaps some filtering or ordering done in the data store and since the interfaces for these solutions vary, similar types of attacks aren't possible. Well, except perhaps if a specific data store and/or middleware was targeted.

So, I'm kind of thinking that perhaps a side benefit of this sort of new movement is that SQL injection attacks or similar are much harder, if not impossible. I have no proof, but this is something that probably should be explored, as currently I'm not 100% convinced that NoSQL is the way to go with web sites; however, improved security would be a compelling reason to consider such solutions. Of course, this is assuming that the basics are covered, such as secure authentication and perhaps even link encryption.
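The caveat above about a specific data store being targeted, as an added example that is not part of the original post: a constructed in-memory document store with MongoDB-style operators (`$eq`, `$ne`), where a query built in code still changes meaning if a request value arrives as a structured object instead of a string, next to the type check that prevents it. All names here (`USERS`, `find_one`, `login_unchecked`, `login_checked`) are hypothetical.

```python
# Added illustration: a constructed in-memory document store, not a real database API.
USERS = [  # constructed sample data
    {"user": "alice", "password": "s3cret"},
    {"user": "bob", "password": "hunter2"},
]

# Small assumed subset of document-store style query operators.
OPERATORS = {
    "$eq": lambda field, arg: field == arg,
    "$ne": lambda field, arg: field != arg,
}

def matches(doc, query):
    """Return True if doc satisfies every condition in query."""
    for key, cond in query.items():
        value = doc.get(key)
        if isinstance(cond, dict):  # structured condition: {"$op": arg}
            if not all(OPERATORS[op](value, arg) for op, arg in cond.items()):
                return False
        elif value != cond:  # plain value means equality
            return False
    return True

def find_one(query):
    """Return the first stored document matching query, or None."""
    return next((d for d in USERS if matches(d, query)), None)

def login_unchecked(params):
    """Query is built in code, but request values are passed through as-is."""
    return find_one({"user": params["user"], "password": params["password"]})

def login_checked(params):
    """Same query, but every request value must be a plain string first."""
    user, password = params.get("user"), params.get("password")
    if not isinstance(user, str) or not isinstance(password, str):
        raise ValueError("query parameters must be strings")
    return find_one({"user": user, "password": password})

# Constructed request bodies, as a JSON parser would hand them to the application.
normal = {"user": "alice", "password": "s3cret"}
structured = {"user": "alice", "password": {"$ne": ""}}
```

With the unchecked version, the structured body matches alice's record without the password ever being compared for equality; the checked version rejects it before any query is built.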


Friday, April 16, 2010

Launchpad

Well, I finally did it. I set up a Launchpad account and I currently have two projects on it. The first is just various experiments that I've been trying to work on from time to time. It's mainly there as a backup; however, I figure if anything good comes from it, I can put it in its own project and there will still be the full history, though not directly linked.

The second project is what I'm calling ubackup. It's nothing big, just a simple little backup program that leverages other software to handle the compression and data integrity. I originally wrote a version in Erlang just because I wanted to play with the concurrency a little bit. However, I realized very quickly that it wasn't the best solution as once you remove the Erlang VM, it doesn't work anymore and it bit me just before I was upgraded. I use freearc for the data compression to take a directory and compress it to a temp directory. From there, it will copy the compressed archive to a shared area.

Granted, this is not a perfect backup solution, but it's what I wanted and I figured that it would be useful for others. Now, what I did do was set it up to use a config file to handle what commands are used to perform the compression and the final copying. This way, if you have your preferred compression util and a different system for storing the compressed file elsewhere, you can do it.

The current version will be written using the D Programming Language and will be using two threads: one to compress and one to copy. This worked well with the Erlang version and I wanted to do the same in this version. Now I just have to find the time to get it working.

Windows 7

Well, I finally got upgraded at work and I have to say that for the most part, it's not bad. Of course, this started out a little rough as the first thing it did while upgrading is delete every bloody file it didn't recognize. It was really disconcerting how destructive the update was. Thankfully I had all of my files backed up using Bazaar, which was a real lifesaver.

What else went bad? Well, with regards to the "improved stability" of the operating system, my laptop blue-screened twice the first day. Um...yeah. So far, it looks like a fluke as it hasn't done it again.

Now, for the nice: it looks like the OS is right where it's supposed to be performance-wise...about 10 years too late. Granted, I turned off most of the effects by switching to the classic theme (e.g. Windows 95-XP), so I don't get the pretty hover effects and whatnot, but I prefer responsiveness over flashiness. Overall, the UI did improve for the most part; however, I'm not sure how much I like the "Pin to taskbar" vs. the old taskbar where you could have quick-launch icons.

Well, what can you do. I'm just thankful that so far all I need to do my job is compatible with the new OS. Of course, most of what I've re-installed so far are PortableApps, so that makes a difference. The only thing I haven't re-installed yet is the Oracle client software and that's the only thing that I'm worried about right now.