Over the past month, much press has appeared in the blogosphere
dedicated to the NoSQL movement. I first came across their existence
by reading this article on the Computerworld
web portal and have been following the heavy traffic on the subject
since.
NoSQL held their inaugural
get-together in San Francisco last month to discuss a future
where traditional RDBMSs from the likes of Oracle, Microsoft and IBM
are consigned to history in favor of open source data stores. Their
ethos is that traditional RDBMSs are not scalable and force data to
be twisted to fit into the relational world. What is the likelihood
of a world where legacy systems are driven by the new breed of data
stores?
Continue reading "NoSQL – the new wave against RDBMS" »
I hope I needn't explain how important fast database response is.
But keeping a database easily available and performing well
as a system rapidly grows is hard to ensure even for experienced
database administrators. In this post I would like to describe the
impact of internal database objects on database performance for
the different processes taking place in a database.
Continue reading "Is internal database optimization a cure for performance bottlenecks?" »
Recently I attended a
lecture by OWASP's Sebastien Deleersnyder
about web application security. Even though the presentation covered
some quite basic issues that websites, portals and maybe (but not
likely, I hope) on-line banking systems are having, it certainly was
a good opportunity to systematize one's knowledge. Sebastien
described the most critical web application vulnerabilities and demonstrated
examples of how they can be exploited by an attacker.
It got me thinking: how do web application security issues fit into the security
models of distributed architectures that enable resource sharing
among organizations? What I have in mind are systems where data
centers are spread all over the world and different organizations
have access to different parts of them, while within each organization
there are users with many roles assigned and various rights. Such
systems need to be protected not only from external threats, but
from internal unauthorized access to data as well. Although basic web application
security issues need to be taken into consideration when creating
the top-level user interface, designing the security framework for such a
distributed system is a totally different story.
Continue reading "Securing highly distributed data collections" »