Data is Code, and Data--Code

Decades-old IT security principles routinely tossed aside--story at 11.

Let me reveal something:  I've been in IT for more than two decades.  I increasingly miss the discipline of older IT systems (and those who managed them).  Sure, joke about COBOL code--until you realize it still handles many financial transactions in many large companies.  Remember the days before IT cowboys, who ride their rebooted systems so often they look like bad rodeo riders about to fall?

Imagine systems so resilient, so robust, that people forget the IPL, er, reboot commands.

At one time, there was a serious and determined division between code and data.  Today, the most routine visit to a website can provide a redirect, a bit o' JavaScript, that can compromise your browser and computer system.

It is the intermingling of Code and Data that has me determined to go 'Slash & Burn' with my Internet systems.  To you, it's a word processor document--Data.  To the attacker?  It is a series of macro extensions that can dupe you into running commands.  To you, it is a DATAbase, a series of DATA tables, views, etc.  To the attacker?  Stored procedures, like xp_cmdshell, allow lots of privileged access if secured poorly.

I've always wanted to emulate Keats.  But let's be realistic.  Grecian Urns?  That whole Beauty & Truth thingie just don't apply no more in todaze so-sigh-ity.  Instead, we need to reflect on the disappearing dichotomy between Data and Code.

jt, IT Visigoth