[Owasp-dotnet] Beretta - Thoughts, Concepts and Ideas

[Mauro Ciaccio]

Hi,

I went over the powerpoint slides that Dinis prepared (lots of thought has
gone into Beretta already!) and given that my strengths are in designing and
programming data access - rather than those obscure things called packets
:) - I thought I'd give some feedback on the database related aspects of
Beretta. The idea of driving the application with raw TCP/IP packets makes
perfect sense BUT raises some questions on the DB side.

1) If the raw packets are to be stored individually, there is going to be
the need for some pretty intensive I/O
2) If the raw packets are to be stored grouped into XML files, then there is
going to have to be some pretty carefull design of the XML parser, as well
as use of additional meta-data to describe packet sequence, etc.
3) In either case, I would expect that performance would dictate the use of
a DB which implements stored procedures. That pretty much rules out
everything except SQL Server, ORACLE and MySQL (post Ver 5.0)
4) In any case, given the peculiarities of SQL in each product, I think it
would be preferable to commit to only 1 DB at the beginning. Otherwise there
are going to be additional costs deriving from having to implement some kind
of Data Factory.
5) The fact that all the application XML data source will be invisible to
the Beretta_Kernell.DLL will in any case require some kind of Data Factory
which will then be extensible in future to cater for different sources.

These are just some thoughts, which I think general views would be good to
have, even if it's just to point out where I am wrong.

Cheers,

Mauro