[Dev] (db policy) transparent persistence
curt at hibbs.com
Wed Nov 27 11:40:44 PST 2002
Ricardo M. Reyes wrote:
> DM> What does transparent object persistence mean?
> [ ... deleted a lot ... ]
> I think Object Persistence looks really interesting, but there's
> something that bothers me, and maybe it's already taken care in the
> Persistence implementations.
> I guess that the storage of objects includes the code of the metods.
> If this is true, then I think it's a huge security risk. If someone
> tampers with the stored representation of an object, it can replace
> an inocent method with something dangerous, and then Chandler would
> execute that trojanized code next time the object is loaded.
> Am I wrong? Maybe the code is not stored on disk? or it's encrypted
> I would really like to hear from someone who used Obj. Persistence
> about this.
Typically, the code is _not_ stored in the database -- only the data is
stored. The object classes that know how to deal with particular types of
data would be part of the Chandler application.
More information about the Dev