Design Discussion (offtopic from Fav Petitions)
GM ThunderCat
Moderator Group GM Joined: 11 Dec 2009 Location: Everywhere Status: Offline Points: 2183
Posted: 24 Mar 2010 at 18:30
Obviously, it depends on the situation. If it's an internal or closed-user-group business app then direct SQL isn't such a problem.
||
GM Stormcrow
Moderator Group GM Joined: 23 Feb 2010 Location: Illyria Status: Offline Points: 3926
Posted: 24 Mar 2010 at 18:33
Fixed it for you, HM
||
HonoredMule
Postmaster General Joined: 05 Mar 2010 Location: Canada Status: Offline Points: 1650
Posted: 24 Mar 2010 at 18:44
lol.
I admire your fatalistic optimism.
||
GM Stormcrow
Moderator Group GM Joined: 23 Feb 2010 Location: Illyria Status: Offline Points: 3926
Posted: 24 Mar 2010 at 18:47
A witch! Burn him!
||
fluffy
Forum Warrior Joined: 02 Mar 2010 Status: Offline Points: 335
Posted: 24 Mar 2010 at 18:50
You don't look like a newt
||
HonoredMule
Postmaster General Joined: 05 Mar 2010 Location: Canada Status: Offline Points: 1650
Posted: 24 Mar 2010 at 18:52
Question: In more general situations (the game's event queue being a unique circumstance), if a webserver is compromised, doesn't the attacker pretty much have the run of the palace just using any of the methods needed to accomplish actual functionality anyway? Normally, a web-based app is designed to manage an information system, making it the already critical point of failure, security-wise.
Coming from my background, the possibility of a compromised DB was a serious concern not because of elevated access to the app's database, but because of access to other databases of other applications (otherwise protected by the requirement of different access credentials), including such things as customer information and credit card numbers (even CVV numbers for some naughty apps...ouch). Such compromise was not in any way possible under any circumstance through a hacked app, regardless of how the DB was accessed.
||
rescendent
Greenhorn Joined: 05 Mar 2010 Status: Offline Points: 60
Posted: 24 Mar 2010 at 19:03
||
GM ThunderCat
Moderator Group GM Joined: 11 Dec 2009 Location: Everywhere Status: Offline Points: 2183
Posted: 24 Mar 2010 at 19:03
If you were to use direct SQL, the web site's access to the database would give it the ability to do updates etc. on the tables, in which case you could do a whole host of things you shouldn't be able to do.
||
HonoredMule
Postmaster General Joined: 05 Mar 2010 Location: Canada Status: Offline Points: 1650
Posted: 25 Mar 2010 at 00:24
Right. What I'm meaning to say is that you have far more capacity to control what can be done by an authorized entity (i.e. the webserver) than you would more typically. There's clearly a lot that is done to carry out game progress and comparatively very little the website needs to be allowed to do. CRM software, for example, must be able to access and arbitrarily modify so much sensitive information, and do so much with it interactively (such as charging credit cards or reversing charges), that compromising the CRM itself is about as serious a security leak as one can have, regardless of how tightly DB access from the webserver is controlled.

Of course that's where good software should ideally be splitting the front end into an actual front end and a middle tier for business logic and some more dynamic/heuristic security checks. At least then you can, for example, keep full credit card numbers away from the web server, though it must still be allowed to do things with the credit card numbers it can't see. In practice, I've never actually seen a proper 3-tier web-based project. To be honest, the stuff I've seen in the wild kind of scares me. But like I mentioned earlier, the clientele for which I was indirectly working was a bit seedy, and a hard sell for security improvements that require a rewrite for existing architecture that just plain sucks. One already takes his chances, I guess, when dealing with telemarketers or borderline-fraudulent web services (like sites selling access to casting calls that were just scraped from other sites like craigslist). Just don't be surprised if having a hard time canceling your account isn't your only grief. I'd love to find a similar shop but working on more respectable projects. My coworkers and boss were awesome, but their business associations less so.

I absolutely love the hat, by the way. It's impossible to find a decent bowler hat around here that fits my narrow head. So I wear a soft fedora instead.

Edited by HonoredMule - 25 Mar 2010 at 00:26
||
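ThunderCat's point (direct SQL from the web site means it can update any table) and HonoredMule's (the web tier should be able to act on card numbers it cannot read) both come down to what the web server's database account is allowed to do. The PostgreSQL script below is an added example and is not code from this thread or from the game; every name in it (the `app` schema, the `app_owner` and `webapp` roles, the `charge_card` function, the sample card row) is an assumption chosen for illustration. The web role receives EXECUTE on one SECURITY DEFINER function and no grants on the tables at all, so a compromised web tier can place a charge within the function's policy but cannot read the card table or rewrite the charge history.

```sql
-- Added example, not code from the thread or the game. Run as a superuser.
-- All object and role names are assumptions for illustration.

CREATE ROLE app_owner NOLOGIN;                      -- owns the data; nobody logs in as it
CREATE ROLE webapp LOGIN PASSWORD 'change-me';      -- the only role the web server uses

CREATE SCHEMA app AUTHORIZATION app_owner;
SET ROLE app_owner;

CREATE TABLE app.cards (
    card_id  serial PRIMARY KEY,
    customer text NOT NULL UNIQUE,
    pan      text NOT NULL          -- full card number; encrypt at rest in a real system
);

CREATE TABLE app.charges (
    charge_id serial PRIMARY KEY,
    card_id   int NOT NULL REFERENCES app.cards,
    amount    numeric(10,2) NOT NULL CHECK (amount > 0),
    created   timestamptz NOT NULL DEFAULT now()
);

-- The single door into the card table. It runs with app_owner's rights,
-- enforces the business rule itself, and never returns the PAN to the caller.
CREATE FUNCTION app.charge_card(p_customer text, p_amount numeric)
RETURNS int
LANGUAGE plpgsql
SECURITY DEFINER
SET search_path = app, pg_temp   -- pinned so a caller cannot hijack name resolution
AS $$
DECLARE
    v_charge int;
BEGIN
    IF p_amount <= 0 OR p_amount > 10000 THEN
        RAISE EXCEPTION 'amount out of policy: %', p_amount;
    END IF;
    INSERT INTO charges (card_id, amount)
    SELECT card_id, p_amount FROM cards WHERE customer = p_customer
    RETURNING charge_id INTO v_charge;           -- NULL if no card matched
    IF v_charge IS NULL THEN
        RAISE EXCEPTION 'no card on file for %', p_customer;
    END IF;
    RETURN v_charge;
END;
$$;

-- PostgreSQL grants EXECUTE on new functions to PUBLIC by default; take it back first.
REVOKE ALL ON FUNCTION app.charge_card(text, numeric) FROM PUBLIC;
GRANT USAGE ON SCHEMA app TO webapp;
GRANT EXECUTE ON FUNCTION app.charge_card(text, numeric) TO webapp;
-- Deliberately no GRANT on app.cards or app.charges.

-- Constructed sample row (a well-known test PAN, not a real card).
INSERT INTO app.cards (customer, pan) VALUES ('alice', '4111111111111111');
RESET ROLE;

-- What a compromised web tier can and cannot do with its own credentials:
SET ROLE webapp;
SELECT app.charge_card('alice', 19.99);   -- succeeds, returns the new charge_id
SELECT pan FROM app.cards;                -- ERROR: permission denied for table cards
UPDATE app.charges SET amount = 0;        -- ERROR: permission denied for table charges
SELECT app.charge_card('alice', 50000);   -- ERROR: amount out of policy
RESET ROLE;
```

Run it with `psql -f` as a superuser; the three statements marked ERROR are expected to fail and psql carries on past them unless ON_ERROR_STOP is set. The REVOKE line is the one people forget: without it every login role on the cluster could call `charge_card`. What this buys is that the amount cap and the "no card, no charge" check live on the database side, where a compromised web server cannot skip them, and the web role can cause a charge without ever being able to SELECT a PAN. It does not by itself encrypt the PAN at rest or move card handling off the database entirely, which is the separate middle-tier split HonoredMule describes.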
HonoredMule
Postmaster General Joined: 05 Mar 2010 Location: Canada Status: Offline Points: 1650
Posted: 25 Mar 2010 at 05:02
Stormcrow, are you familiar with thedailywtf.com? There's a thread in my alliance's forum labeled "Perhaps the purpose of your life is to serve as a warning to others." Sadly, everyone frequents that thread often, myself included. thedailywtf.com is the software engineer's version of that thread. Being a DB admin yourself, I figured you'd especially enjoy the site's latest article:
http://thedailywtf.com/Articles/The-Certified-DBA.aspx
||