 |
[Dev] Code tampering (Re: (db policy) transparent persistence)patrickdlogan at attbi.com Wed, 27 Nov 2002 20:30:35 +0000
> I guess that the storage of objects includes the code of the metods. > If this is true, then I think it's a huge security risk. If someone > tampers with the stored representation of an object... > Am I wrong? Maybe the code is not stored on disk? or it's encrypted > somehow? Transparent persistent does not imply storing the code in the database. The Gemstone Smalltalk database does, methods are just objects in Smalltalk. Others do not, they expect to have code in the application, on a classpath, etc. The Gemstone Java database kind of had both. Tampering with code in a DB is a risk, but so is tampering with code in a file system. Gemstone has ACLs that can prevent this, well, unless the bad guy has or gets the ACLs to tamper. -Patrick
|