Hassan Schroeder wrote in post #1054862:
> On Tue, Apr 3, 2012 at 10:30 AM, ruby rocks <lists / ruby-forum.com>
> wrote:
>
>> ... and I think adding database
>> software is going to increase complexity and thus inherently decrease
>> the overall security of the finished program.
>
> Sorry, that's wrong. Storing your data as plain text in a file is hardly
> "secure", and writing your own data access routines is unlikely to be
> more secure than using well-used and -tested DB libraries.
>
>> I think this sort of database structure will be much less complex than
>> trying to use something like MySQL
>
> You're trying to recreate the functionality of a relational database for
> no good reason. If you want something simpler to install/administer
> than MySQL you can use SQLite, or even a non-SQL datastore like
> Redis.
>
> FWIW,

Well, I do not plan to store it as plaintext but symmetrically encrypted 
with the user's password as the secret key. The security I am talking 
about is from flaws in programming. It is widely recognized that bugs in 
code and code length have a correlation, and a general rule of thumb is 
to use as few lines of code as possible to lower the amount of 
potentially exploitable bugs. Since my program already uses ruby hashes 
and arrays in other places, adding more is not going to increase the 
complexity of the program, versus adding an entire database program like 
MySQL to the system. I don't seem to need all of the features of MySQL, 
and using MySQL is certainly going to significantly increase program 
complexity, and will inherently bring along all of the security problems 
of MySQL with it.

I just wonder if there is anything that I am overlooking, but I am 
pretty convinced that using less code is good from a security 
perspective, especially as it seems like I do not need all of the 
features of MySQL. Why include potential security bugs to get features 
that I do not require?

-- 
Posted via http://www.ruby-forum.com/.
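The design the poster describes (Ruby hashes and arrays serialised to one file and symmetrically encrypted under the user's password) written out as an added Ruby example; this is not code from the thread or from either poster. The function names, the file layout (salt, nonce, tag, ciphertext), the PBKDF2 iteration count and the sample record are this example's own assumptions. Two details carry the "fewer bugs" argument further than the post does: the password is never used directly as the key (it is stretched through a salted PBKDF2), and the cipher mode is authenticated (AES-256-GCM), so a wrong password or an edited file is rejected outright instead of decrypting to garbage that the program would then parse.

```ruby
# Added example (not the poster's code): an encrypted key/value store that
# keeps Ruby hashes/arrays in one file, encrypted under a key derived from
# the user's password. Names, file layout and iteration count are this
# example's own choices, not anything taken from the thread.
require 'openssl'
require 'json'
require 'securerandom'

SALT_LEN = 16                 # random per-file salt for the password KDF
IV_LEN = 12                   # standard GCM nonce length
TAG_LEN = 16                  # GCM authentication tag length
KEY_LEN = 32                  # AES-256
PBKDF2_ITERATIONS = 200_000   # hypothetical value; tune to the target hardware

# Never use the password bytes directly as the AES key: stretch them with a
# salted PBKDF2 so someone who copies the file must brute-force slowly.
def derive_key(password, salt)
  OpenSSL::PKCS5.pbkdf2_hmac(password, salt, PBKDF2_ITERATIONS, KEY_LEN,
                             OpenSSL::Digest.new('SHA256'))
end

# Serialise the Ruby structure as JSON (safer to parse back than Marshal)
# and encrypt it with AES-256-GCM. Output layout: salt || iv || tag || ciphertext.
def seal_store(data, password)
  salt = SecureRandom.random_bytes(SALT_LEN)
  iv = SecureRandom.random_bytes(IV_LEN)
  cipher = OpenSSL::Cipher.new('aes-256-gcm')
  cipher.encrypt
  cipher.key = derive_key(password, salt)
  cipher.iv = iv
  cipher.auth_data = ''       # no additional authenticated data in this layout
  ciphertext = cipher.update(JSON.generate(data)) + cipher.final
  salt + iv + cipher.auth_tag + ciphertext
end

# Reverse of seal_store. A modified file or a wrong password makes
# cipher.final raise OpenSSL::Cipher::CipherError instead of returning
# silently corrupted data.
def open_store(blob, password)
  header = SALT_LEN + IV_LEN + TAG_LEN
  raise ArgumentError, 'store file is truncated' if blob.bytesize <= header
  salt = blob.byteslice(0, SALT_LEN)
  iv = blob.byteslice(SALT_LEN, IV_LEN)
  tag = blob.byteslice(SALT_LEN + IV_LEN, TAG_LEN)
  ciphertext = blob.byteslice(header, blob.bytesize - header)
  cipher = OpenSSL::Cipher.new('aes-256-gcm')
  cipher.decrypt
  cipher.key = derive_key(password, salt)
  cipher.iv = iv
  cipher.auth_tag = tag       # must be set before final for GCM verification
  cipher.auth_data = ''
  JSON.parse(cipher.update(ciphertext) + cipher.final)
end

# True when the store cannot be opened with this password: either the file
# was altered or the password is wrong. Callers should treat both the same.
def store_rejected?(blob, password)
  open_store(blob, password)
  false
rescue OpenSSL::Cipher::CipherError
  true
end

# Convenience wrappers around a file on disk.
def save_store(path, data, password)
  File.binwrite(path, seal_store(data, password))
end

def load_store(path, password)
  open_store(File.binread(path), password)
end

if __FILE__ == $PROGRAM_NAME
  require 'tmpdir'
  path = File.join(Dir.tmpdir, 'example-store.bin')
  records = { 'users' => [{ 'name' => 'alice', 'role' => 'admin' }] }  # constructed sample
  save_store(path, records, 'correct horse battery staple')
  puts load_store(path, 'correct horse battery staple').inspect
  puts "wrong password rejected: #{store_rejected?(File.binread(path), 'guess')}"
  File.delete(path)
end
```

The salt and nonce are regenerated on every save, so two writes of the same data never produce the same file, and the store file carries everything needed to decrypt except the password itself. Without the authentication tag, a flipped byte in the file would decrypt to different plaintext that the program would then have to parse, which is exactly the kind of untrusted input the poster wants to keep out of the code path.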