[Dev] (db policy) transparent persistence

Curt Hibbs curt at hibbs.com
Wed Nov 27 11:40:44 PST 2002


Ricardo M. Reyes wrote:
>
> DM> What does transparent object persistence mean?
> [ ... deleted a lot ... ]
>
> I think Object Persistence looks really interesting, but there's
> something that bothers me, and maybe it's already taken care in the
> Persistence implementations.
>
> I guess that the storage of objects includes the code of the metods.
> If this is true, then I think it's a huge security risk. If someone
> tampers with the stored representation of an object, it can replace
> an inocent method with something dangerous, and then Chandler would
> execute that trojanized code next time the object is loaded.
>
> Am I wrong? Maybe the code is not stored on disk? or it's encrypted
> somehow?
>
> I would really like to hear from someone who used Obj. Persistence
> about this.

Typically, the code is _not_ stored in the database -- only the data is
stored. The object classes that know how to deal with particular types of
data would be part of the Chandler application.

Curt




More information about the Dev mailing list