Re: Some body know the impact in performance of unused database options installed

From: Hans Forbrich <fuzzy.graybeard_at_gmail.com>
Date: Mon, 20 Oct 2014 17:53:55 -0600
Message-ID: <5445A093.3010900_at_gmail.com>



Of course.

Since it would have to be totally home-grown (no data dictionary, therefore no way to make it generic; no place to store collected statistics that CBO to help it decide implying very narrow use case; no way to get internal info about the decisions being made by that CBO) the cost would be entirely borne by the developer.

Great job-security project from what I can tell.

As for 'no attack vectors', I suspect anything beyond 'hello world' that is compiled or interpreted ans uses memory, ends up with some form of attack vector. ;-)

/Hans

On 20/10/2014 4:23 PM, Iggy Fernandez wrote:
> It wouldn't be Berkeley or MySQL because you would still get the CBO,
> partitioning, parallelism, etc. You just wouldn't get a data
> dictionary, fixed views, or PL/SQL libraries. Not something anybody
> would want to try but theoretically it would the most secure (no
> attack vectors for hackers) and have no management overhead (because
> management capabilities don't exist). Just a crazy idea that popped
> into my head in an idle moment.
>
> Iggy
>
>
> ------------------------------------------------------------------------
> Date: Mon, 20 Oct 2014 15:55:32 -0600
> From: fuzzy.graybeard_at_gmail.com
> To: oracle-l_at_freelists.org
> Subject: Re: Some body know the impact in performance of unused
> database options installed
>
> Depends on what you define as overhead.
>
> If I understand your suggestion, it's basically a DI Y project Which
> means the overhead is in starting, implementing, and maintaining the
> 'kernel' and any features/capabilities.
>
> Which puts it somewhere around the Berkeley or MySQL arena, right?
>
> And when 'you' implement the PL/SQL capabilities, you can then start
> down the "what are the attack vectors inadvertently created" road ...
>
> Personally, I think Oracle server is far less expensive. ;-)
>
> /Hans
>
> On 20/10/2014 1:40 PM, Iggy Fernandez wrote:
>
> At the risk of being booed, I cannot help thinking that the
> database with the least overhead as well as the most secure is one
> that has no data dictionary or options whatsoever; that is, one
> created with CREATE DATABASE and nothing else. Yes, you will be
> able to create users, tables, indexes, etc but you will have no
> data dictionary whatsoever. No DBA_TABLES. No overhead and no
> "attack vectors" either. Am I completely crazy? Stark raving mad?
>
> Iggy
>
> P.S. With just a little extra, you will be able to create PL/SQL
> functions, procedures, and triggers.
>
>

--
http://www.freelists.org/webpage/oracle-l
Received on Tue Oct 21 2014 - 01:53:55 CEST

Original text of this message