On Wed, Jun 18, 2008 at 10:36 PM, Douglas McNaught <doug(at)mcnaught(dot)org> wrote:
> . . . SQL permissions should be all you need.
>
> -Doug
~
What about the security implications? Is the J2EE server enough to
control access to the DB?
~
Java does not allow for buffer overruns and such hacking venues, but
what would happen if a hacker somehow gains access to the data
directly, bypassing the J2EE server?
~
The thing is that for performance reasons I could not nicely model
highly hierarchical data objects using SQL tables, so I have to come
up with complicated data structures that I serialize and keep in
fields as BLOBs.
~
And yes, I know, my approach was very roundabout ;-) I was trying to
fancy a hacker-proof scenario and it would all be based on scripts.
~
I think SCSI disks even have a switch to -physically- avoid writing
to them. I wish I could use such features in regular SATA disks. I
definitely trust Physics.
~
thanx
lbrtchx