On Monday 31 January 2005 7:58 am, Downey, Shawn wrote:
> "If anyone can see the source code, then won't we be vulnerable to
> hackers?"

Here is a very useful paragraph that should be given to anyone who thinks in the above terms:

"A common question in the minds of some CEOs and CIOs is, 'If it is open, how can it be secure?'" The very question displays a fundamental misunderstanding of security. The correct notion was known and set down by Auguste Kerckhoffs in the 19th century. David Kahn's classic book, _The Codebreakers_, puts it succinctly for codes and ciphers: "security must reside solely in the keys." You must assume that the enemy knows the algorithm--"security by obscurity" is a delusion and a sham. Indeed, proprietary software is a far more likely haven for back doors and Trojans, because it is kept secret.

Regarding the issue of SQL Server vs. SQLite: If the choice were between SQL Server and SQLite, and the need came up that SQLite could not meet, I'd pitch for PostgreSQL (_not_ MySQL). PostgreSQL version 8.0 has been released and runs natively on Windows.

Cordially,
Scott