Data is Code, and Data--Code

Decades-old IT security principles routinely tossed aside--story at 11.

Let me reveal something:  I've been in IT for more than two decades.  I increasingly miss the discipline of older IT systems (and those who managed them).  Sure, joke about COBOL code--until you realize it still handles many financial transactions in many large companies.  Remember the days before IT cowboys, who ride their rebooted systems so often they look like a bad rodeo rider about to fall? 

Imagine systems so resilient, so robust, that people forget the IPL, er, reboot commands.

At one time, there was a serious and determined division between code and data.  Today, the most routine visit to a website can provide a redirect, a bit o' JavaScript, that can compromise your browser and computer system.

It is the intermingling of Code and Data that has me determined to go 'Slash & Burn' with my Internet systems.  To you, it's a word processor document--Data.  To the attacker?  It is a series of macro extensions that can dupe you into running commands.  To you, it is a DATAbase, a series of DATA tables, views, etc.  To the attacker?  Stored procedures, like xp_cmdshell, allow lots of privileged access if secured poorly.

I've always wanted to emulate Keats.  But let's be realistic.  Grecian Urns?  That whole Beauty & Truth thingie just don't apply no more in todaze so-sigh-ity.  Instead, we need to reflect on the disappearing dichotomy between Data and Code.

jt, IT Visigoth
