On Apr 3, 2012, at 12:59 , ruby rocks wrote:

> I just wonder if there is anything that I am overlooking, but I am=20
> pretty convinced that using less code is good from a security=20
> perspective, especially as it seems like I do not need all of the=20
> features of MySQL. Why include potential security bugs to get features=20=

> that I do not require?

I think you have oversimplified the equation.=20

I would submit that [a large block of widely used aggressively tested =
code created by specialists] has a very high probability of being more =
reliable, and more secure, than [a small amount of brand new code tested =
by a single person].

Personally, I would never try to manage storing data in an encrypted =
form by coding my own I/O routines. I would be looking for a mature =
library or storage system with a good interface library.=20

OK, personally, I would go right to PostgreSQL, but that's because I'm =
already familiar with it. If I were starting from scratch, I might pick =
something else.=20