Let me reveal something: I've been in IT for more than two decades. I increasingly miss the discipline of older IT systems (and those who managed them). Sure, joke about COBOL code--until you realize it still handles many financial transactions in many large companies. Remember the days before IT cowboys, who ride their rebooted systems so often they look like bad rodeo riders about to fall?
Imagine systems so resilient, so robust, that people forget the IPL, er, reboot commands.
It is the intermingling of Code and Data that has me determined to go 'Slash & Burn' with my Internet systems. To you, it's a word processor document--Data. To the attacker? It is a series of macro extensions that can dupe you into running commands. To you, it is a DATAbase, a series of DATA tables, views, etc. To the attacker? Stored procedures, like xp_cmdshell, allow lots of privileged access if secured poorly.
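The word-processor case above can be checked mechanically. This is an added example, not code from the original post: it inspects a zip-based Office (OOXML) package for the parts and content types that mark it as carrying VBA code. The sample packages are constructed in memory, and `build_package` and `code_findings` are hypothetical helper names.

```python
import io
import zipfile

# Strings OOXML's [Content_Types].xml uses for macro-bearing packages.
MACRO_MARKERS = (b"macroEnabled", b"vnd.ms-office.vbaProject")
PLAIN = "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"
MACRO = "application/vnd.ms-word.document.macroEnabled.main+xml"


def build_package(with_macro: bool) -> bytes:
    """Constructed sample: a skeletal OOXML-style zip, optionally with a VBA part."""
    types = f'<Override PartName="/word/document.xml" ContentType="{MACRO if with_macro else PLAIN}"/>'
    if with_macro:
        types += '<Default Extension="bin" ContentType="application/vnd.ms-office.vbaProject"/>'
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", f"<Types>{types}</Types>")
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"constructed placeholder, not real VBA")
    return buf.getvalue()


def code_findings(blob: bytes) -> list[str]:
    """List the reasons a 'data' file should be handled as something carrying code."""
    if not zipfile.is_zipfile(io.BytesIO(blob)):
        raise ValueError("not a zip-based OOXML package; use a format-specific tool")
    findings = []
    with zipfile.ZipFile(io.BytesIO(blob)) as z:
        names = z.namelist()
        findings += [f"VBA project part: {n}" for n in names if n.lower().endswith("vbaproject.bin")]
        if "[Content_Types].xml" in names:
            declared = z.read("[Content_Types].xml")
            findings += [f"content type: {m.decode()}" for m in MACRO_MARKERS if m in declared]
    return findings


if __name__ == "__main__":
    for label, blob in (("plain", build_package(False)), ("macro", build_package(True))):
        print(label, code_findings(blob) or "no code-bearing parts")
```

An empty result only means no VBA storage was declared or found in the package; legacy binary formats are rejected with `ValueError` rather than guessed at.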
I've always wanted to emulate Keats. But let's be realistic. Grecian Urns? That whole Beauty & Truth thingie just don't apply no more in todaze so-sigh-ity. Instead, we need to reflect on the disappearing dichotomy between Data and Code.
jt, IT Visigoth