SQL's advantages over text files
Results 1 to 3 of 3

Thread: SQL's advantages over text files

  1. #1
    The Prancing Pirate
    Join Date
    Jul 2004
    Posts
    548

    SQL's advantages over text files

    I was just wondering how an SQL database provides advantages over a text file when being handled by PHP, when the text file is laid out similar to a CSV. For example, I could have a table like the following:
    Code:
    Name | Email
    Joe | joe@joe.com
    Ben | ben@ben.com
    Kim | kim@kim.com
    This would be fine as a table in a database, but couldn't this just be in a text file using the | as separators? This wouldn't automatically rule out security issues like SQL injection and the like, while still providing a medium from which data can be read (and fairly easily).

    Admittedly, looking through a text file with data like the stuff above would be hell, whereas a database would be much more pleasant and easy to read - but, there is one method of attack less to try to defend.

    PHP can write to databases, but writing to a text file on certain lines and cells would be impossible, so in a writing case SQL takes first place. But if it's only reading data to sort into a nice viewable format, surely a plain text file with a set separator would do nicely?

    Just wanted to hear your opinions on this.

    Cheers,

    -jk
    TAZForum <---- click

  2. #2
    You can't query a text file quickly. Read about indexing:
    http://en.wikipedia.org/wiki/Database#Indexing

    Security isn't about cutting functionality, is about securing required functionality. I would accept the risk of attacks like SQL injection for the benefits of a DBMS.

    Is having a webserver on an ecommerce website a risk? If so, would you restrict access to port 80?

  3. #3
    The Prancing Pirate
    Join Date
    Jul 2004
    Posts
    548
    Originally posted here by Soda_Popinsky
    You can't query a text file quickly. Read about indexing:
    http://en.wikipedia.org/wiki/Database#Indexing

    Security isn't about cutting functionality, is about securing required functionality. I would accept the risk of attacks like SQL injection for the benefits of a DBMS.

    Is having a webserver on an ecommerce website a risk? If so, would you restrict access to port 80?
    Point taken and accepted. Up to now I've never really had any experience with databases (and I'm still learning PHP), so I wanted to minimise risks. But, security by losing functionality isn't the way to go (as you said) - and a text file being used as a database would be a nightmare

    Do you know any good SQL injection articles I could read, and in particular how to secure against them? I already found some info in SANS' reading room and in the PHLAK documentation, but I want to get more informed before I start using SQL. Google also provided some nice articles, but recommendations are welcome

    Thanks,

    -jk
    TAZForum <---- click

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •