Re: APIs - Sorry to ask

---

• From: "Ed Prochak" <ed.prochak@xxxxxxxxxxxxxxxxxx>
• Date: 1 Jul 2005 11:50:16 -0700

---

But Jim's point still applies: consider what backend you may use and
the API issue may resolve itself. For example there are ways in ORACLE
to read ordinary files as if they were tables. I fyou picked ORACLE,
your API is simplified in thay you application doesn't know or care
whether the data is in a file or a real table. So solving the table
versus file issue is rather small compared to the security issues.
It's not simply a question of trusting Staff. Will these hospitals have
network connections? Internet access? Yours would not be the first
system to let private info be hacked.


FWIW, the system I work on now has a JAVA based application that is
fired off by a .NET front end (that handles the login). So will skill
and careful design it doesn't necessarily have to be an either/or
question.

The other end of security is reliability. can you really trust writing
data to FLAT FILES not to be corrupted during a system crash? I've
worked on medical diagnostic equipment and the guiding rule for us was
"better no result than a wrong result".
We went to great pains making sure no test data was corrupted.

So just because these are smaller doesn't make the security issues go
away.

HTH,
ed

.

---

• References:
  • APIs - Sorry to ask
    • From: mz
  • Re: APIs - Sorry to ask
    • From: Jim Kennedy
  • Re: APIs - Sorry to ask
    • From: marz

• Prev by Date: Re: Purchase Order Sofware
• Next by Date: Re: Data Definition Language
• Previous by thread: Re: APIs - Sorry to ask
• Next by thread: Purchase Order Sofware
• Index(es):
  • Date
  • Thread

---

Relevant Pages [Full-disclosure] RE: Oracle read-only user can insert/update/delete data ... I have sent testcases to Oracle too that shows that it works against any oracle version currently ... Buffer Overflow Vulnerability (SCO Security Advisories) ... Mandriva Linux 2006.0/X86_64: ... (Full-Disclosure) Re: Opinion: Complete failure of Oracle security response and utter neglect of their responsibility ... On Security, Is Oracle the Next Microsoft? ... these flaws are still not fixed and are still ... > fix these issues. ... (Bugtraq) Re: Opinion: Complete failure of Oracle security response and utter neglect of their responsibility ... Oracle software, the same when you hear and read ... security vulnerabilities and this is nothing new, ... you reported they don't audit similar bugs to fix all ... these flaws are still not ... (Bugtraq) Re: Re: Opinion: Complete failure of Oracle security response and utter neglect of their responsibil ... 786 days ago I reported a remote exploitable bug in Oracle Reports server. ... An attacker could abuse this bug to destroy an entire Oracle Application Server by overwriting files. ... I know that fixing a security bug costs time and money. ... these flaws are still not fixed and are ... (Bugtraq) [NEWS] Oracle Unauthenticated Remote System Compromise ... Beyond Security would like to welcome Tiscali World Online ... Oracle is the leader in the database market with a 54% market share lead ... There is a remotely exploitable buffer overflow vulnerability in the ... authentication process with the Oracle Database Server. ... (Securiteam)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(15)