Some (much?) of the blame must rest with the DBMS suppliers - Oracle 
*used* to be a rigorous cast-iron solid system, but in an attempt to 
match the new 'user friendly' upstart from ms they broke security and 
referential integrity with things like instead-of triggers on updateable 
views and eventually ways of running dynamic SQL. I've used these, if 
you want quick and dirty in-house stuff and you're careful they're fine 
- but not for enterprise-level systems. A similar thing happened in the 
'free as in whatever' arena with MySQL (originally not much more than a 
scripting toy) achieving much more acceptance than the more rigorous 
PostgreSQL.
AndyD 8-)

On 17/02/2012 16:39, Ed Leafe wrote:
> On Feb 17, 2012, at 10:26 AM, Stephen Russell wrote:
>
>> The power of dynamic SQL ?
>>
>> That is running with scissors.
>       I still find it incredible that in 2012 there are people who consider 
> themselves professional developers who downplay security concerns, and who 
> ignore basic security practices. There are groups of people with advanced 
> PhDs in computing, networking and cryptography who do nothing but figure out 
> how to break into systems who are in the employ of various nations and 
> corporate espionage companies, and yet a lone programmer with some knowledge 
> of one or two development tools is going to outsmart them.
>
>       I can't decide if it's hubris, stubbornness, or just sheer ignorance.
>
>
>
> -- Ed Leafe
>
>
>
>