Assumption of no database full script trigger

Source: Internet
Author: User

From the computer development to today, the human world is completely transformed by the code, there is no code there is now a colorful society. We should pay tribute to the predecessors who worked hard for the creation of the code.

Contact with the code know that the code needs to support the database to better play the energy. After several generations of efforts, the perfection of the code mechanism has reached the bottleneck that no one can break. My understanding of the code is not profound, nor advanced code skills, but in line with their own analysis of the existing code, boldly proposed no database Full script trigger assumptions . It is not a question of the code created by the predecessors, but a vision of my own personal code.

The advent of the database gives the code a nearly perfect buffer, and we can write the data we want to store in the database with code. The database is unmatched in code, and as a result, more network security breaches start with the database. No matter what kind of database, need statement instruction to trigger the function of the database, so the statement instruction becomes the biggest security hidden danger! And this database of loopholes can only rely on patches and code to improve, such factors, the requirements of the code has climbed, making a lot of software or the founder of the site more pressure. As early as 6 years ago, I thought, what if I had to abandon the database? Over the past 6 years, I have done several code tests and found that no database is available.

   Understand the code know that the existing website account login management mechanism is the use of cookie and session double authentication, perhaps there are other ways I do not know. Both of these mechanisms are read from the database User data table to the user requesting access to the computer in the local browser, in this case, why we do not have a way to direct code assignment to the verification mechanism? Of course, this has been achieved four years ago, I remember correctly, the first time was found when actually is the Web Trojan back door, do not remember this has login to verify the Web Trojan back door of the original author is which code predecessor, but undoubtedly his way to verify the feasibility of my vision. I also know, throw away the database, is undoubtedly a code revolution! But this idea after a few years in my mind circled, more and more sure, the charm and potential of the code is unlimited, no database code will be more excellent than the database, at least in the security of the database statement instruction is no longer the vulnerability of the code threat, at least can be more streamlined code, making running smoother and more convenient to review. Throwing away the database also reduces the stress on the hardware. Believe that a lot of people know the existence of Netbox, and Netbox's official website is built with Netbox, his website has never been a series of changes, there are many capable of testing, have failed to end! Not the server, Netbox server is not as good as the netbook, but in this way, the code is indeed defensive invincible! Discerning eye all see, the site is purely static. Yes, there is no database statement, no executable command, so there is no chance of being exploited, even some network security breaches such as CC attacks are invalid for static code!

Static is the oldest and the beginning of the web, after several years, still show its unique charm. From the advent of ASP, JSP, Perl, DLL, PHP, aspx, do script dynamic scripts, static HTML once faded out of code stage. Remember my first contact code, is ASP, then the stage of formal ASP, website source code such as Peacock General. Then there is a higher level of posture in PHP. With the development of dynamic scripting code, but also to the code of the creators of a more rigorous test, the code is always a loophole in the dynamic script! Such a bad situation, but also outstanding people come up with a separate method, the site before and after the separation, although it is once more deep hidden loopholes exist, can exist or always exist, eventually will be found. What is more, there is a static instead of a dynamic foreground, in response to access to the user's request, although the source could not attack the access to the foreground, can not find the background path? As long as there is existence, will eventually be found! And now many of the network security damage, is undoubtedly to give us a wake-up call, unless we delete the dynamic script, otherwise there is the possibility of attack damage!

For so many years, I have found a strange place where static is completely protected from scripting attacks. I believe that I am not alone in the static script to make a fuss, five years ago, listened to a foreign people mentioned her idea of CDN and WAF, she wanted to do dynamic static cache, access to the request is the cache of static content, and WAF can be rewritten through the URL, when the attack encountered, The attack URL automatically jumps to the static page to defend against it. Such technology has long surfaced, and has been put into a wide range of applications. But the creator is not her.

Years of accumulation, more enriched my vision, and the existing code is dependent on the database. One months ago, I started a lot of code testing, and finally create a new field of non-database site source code, of course, not that I developed this Code design interface how beautiful, I want to say, I this set of Web site code abandoned any type of database.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.