
Re: End of hypocrisy ?



On Fri, 8 Aug 2014 20:50:14 -0400
Steve Litt <slitt@troubleshooters.com> wrote:

 > Seventh, there's 40 years of experience with text logs. Are they
 > perfect? No.

The thread that doesn't die --- misinformation all over the place, and some of
it my misinformation -- sorry 'bout that.

Anyway, I feel prodded, so rebuttal...

Perfect? I should definitely say not...
a decade or so of remote exploits in no particular order:

http://www.securityfocus.com/bid/10684/discuss
http://xforce.iss.net/xforce/xfdb/43518
http://cxsecurity.com/issue/WLB-2011020121
http://www.securiteam.com/securitynews/5XP0K0U9GK.html
http://www.juniper.net/security/auto/vulnerabilities/vuln3498.html
http://www.linuxtoday.com/security/2000091801204SCRH
http://www.cvedetails.com/cve/CVE-2000-0917/
http://securitytracker.com/id/1019105
http://www.redhat.com/archives/linux-security/1999-November/msg00013.html

systemd with its binary file format and buffered line to and from a service
daemon will [or should] nearly automatically take care of some very nasty
security problems that crop up from time to time... Now, imagine if the log
was kept in an sql database secured with a public key or password or something
dependent on the local machine, and the queries were properly escaped to
prevent sql injection - something that would only need to be done once...

Of course all software is broken when it comes to security.  However, that's no
reason to lay down the welcome mat.

BTW: To those complaining of Firefox's use of sqlite...

https://en.wikipedia.org/wiki/SQLlite

The browsers Google Chrome, Opera, Safari and the Android Browser all allow
for storing information in, and retrieving it from, a SQLite database within
the browser, using the Web SQL Database technology. Mozilla Firefox and Mozilla
Thunderbird store a variety of configuration data (bookmarks, cookies, contacts
etc.) in internally managed SQLite databases, and even offer an add-on to
manage SQLite databases.

So, all major browsers except IE use sqlite.

--Andrew
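
The point in the message above about escaping queries once, inside the log store, shown as an added example (not part of the original message or of any project's code). It assumes a hypothetical SQLite log table and a constructed message, and puts the string-built insert beside the parameterized one.

```python
import sqlite3

# Constructed sample: a client-controlled log message carrying SQL metacharacters.
HOSTILE = "login failed'), ('sshd', 'Accepted password for root"


def open_store():
    """Hypothetical log store (assumed schema): one row per log record."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE log (id INTEGER PRIMARY KEY, unit TEXT, msg TEXT)")
    return db


def insert_unsafe(db, unit, msg):
    # Weak form: the message text becomes part of the SQL statement itself.
    db.execute(f"INSERT INTO log (unit, msg) VALUES ('{unit}', '{msg}')")


def insert_safe(db, unit, msg):
    # Bound parameters: the message is only ever data, never SQL text.
    db.execute("INSERT INTO log (unit, msg) VALUES (?, ?)", (unit, msg))


def rows(db):
    return db.execute("SELECT unit, msg FROM log ORDER BY id").fetchall()


def demo():
    """Insert the same message into two fresh stores, one per insert style."""
    weak, hardened = open_store(), open_store()
    insert_unsafe(weak, "httpd", HOSTILE)
    insert_safe(hardened, "httpd", HOSTILE)
    return rows(weak), rows(hardened)


if __name__ == "__main__":
    weak_rows, hardened_rows = demo()
    # String-built: the quote ends the literal and a second, forged record appears.
    print("string-built: ", weak_rows)
    # Parameterized: one record, attributed to httpd, message stored verbatim.
    print("parameterized:", hardened_rows)
```

Because every writer goes through the one insert routine, the binding has to be done correctly in a single place, which is the "only need to be done once" property the message describes.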

