[Gambas-devel] Gambas Database Manager - Access Denied

Tue Jun 3 22:17:32 CEST 2003

On Tue, 2003-06-03 at 17:43, Ken Schrock wrote:
> I disagree with his disagreement : -)
> 
> Anybody that wants to use Gambas should know RDBMS? Why?

I may not have been plain enough, but what I ment was that anybody that
does development against an RDBMS needs to know that RDBMS.  Not
necessarily anybody using Gambas.

> I would like a lot of people to use Linux
> Do any of these corporate types have any idea
> How VERY difficult it is for "average" or "home" users
> To work around all the damn security built into most Linux distros?

Yes, it would be nice to have more users using Linux.  Yes it is very
difficult for a newbie user to learn of all the *ahem* security built
into most distros.  (Not that we are arguing about distros, but RDBMS
systems have security as part of their nature.)  I do not think that the
answer is to negate all of that security.  I think the answer is to make
it easier for the user to understand and maintain that security.

Must I name other OSs and other RDBMS systems that have been ruthlessly
attacked and are known for security exploits because either they were
not built on secure paradigms or what security they had was negated by a
well known back door or default user/password.  The SQL server exploits
that allowed a worm to wreak havok everywhere was not only due to admins
that did not pay attention, but by average Joes that installed SQL
server on their boxen connected to a DSL or cable modem.  Shame on the
admin.  He should have known better.  What about Joe user?  Do we blame
Joe because he didn't take the time to learn the security of SQL server,
or was it Microsoft for not forcing people to provide a password for the
sa account during login?

Let's say Gambas becomes very popular.  I want that, don't you?  I don't
want to see the bad publicity Gambas, Linux, and Postgresql/MySQL would
get when a worm or hackers attack these RDBMS systems trying to log in
with the gambas administrative level user.

> If you use Linux or Gambas in an environment where security is important
> Then you are probably getting paid for it, and should know what you are 
> doing
> And should be able to handle the security issues that such an 
> environment entails

When Joe user's system is hacked and crashes because he didn't know
about security and did not realize that Gambas installed a back door,
Joe user may very well no longer use Gambas OR Linux when he figures out
what is going on.

> Should Joe Blow, who wants to make a small app at home using Gambas
> Know all about RDBMS and climb over a mountain of security to do it? NO.

It would be nice for users to create small databases for personal user
ala Microsoft Access.  However, I do not think that either PostgreSQL or
MySQL was designed with this in mind.  Perhaps a search for a more
suitable database engine would be in order.  I'll do some research and
see if there are any good open source, single-user database engines that
may fit this bill.

> Yes, Benoit, I would like such a thing, I think most "normal" users would
> 
> If corp users want a big security version of Gambas, sell them one : -)

I respect your right to disagree.  However, I stand behind my original
post.

Thanks,
-- 
Philip A. Chapman

Application Development:
Java, Visual Basic, PostgreSQL, MySQL, MSSQL
Linux, Windows 9x, Windows NT, Windows 2000, Windows XP
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://lists.gambas-basic.org/pipermail/devel/attachments/20030603/a5d52816/attachment.sig>