Originally posted by jaywill
If you're processing millions of records and performance is an issue, how much turnaround slowdown are you likely to get because of giving detailed care to buffer overflow and "SQL injection" ?
You are probably right that increased security results in a performance hit. However I suspect that for many of us the cost hit in terms of programmer time is more significant.
This whole discussion reminds me of the Windows / Linux situation.
Linux was very successful on servers because of its security.
Windows was successful on the desktop because of its ease of use and backward compatibility - both of which resulted in poor security.
Microsoft spent lots of effort trying to make Windows more secure resulting in it being harder to use and more annoying.
The lesson for me is that though security is important, you can overdo it in situations where it is not really required.
The number one cause of viruses in my part of the world is all due to the fact that Windows has auto-play turned on for flash drives by default. If they simply sent out a patch that turned that off then that would eliminate 90% of viruses around here. It can be turned off manually but not many people know that.
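The manual turn-off mentioned above, as an added example that is not part of the original thread: a PowerShell script that reads and then sets the Explorer policy values Windows honours for AutoRun (NoDriveTypeAutoRun, NoAutorun) and the per-user AutoPlay checkbox (DisableAutoplay). It assumes an elevated session for the HKLM path.

```powershell
# Added example: check and disable AutoRun/AutoPlay for removable drives on Windows.
# NoDriveTypeAutoRun = 0xFF disables AutoRun for every drive type; NoAutorun = 1
# makes Explorer ignore autorun.inf; DisableAutoplay = 1 clears the per-user
# "Use AutoPlay for all media and devices" checkbox. Run elevated for HKLM.

$policyPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
)

function Get-AutoRunState {
    # Returns one object per policy path with the current values ($null if unset).
    foreach ($p in $policyPaths) {
        $drive = (Get-ItemProperty -Path $p -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
        $inf   = (Get-ItemProperty -Path $p -Name NoAutorun -ErrorAction SilentlyContinue).NoAutorun
        [pscustomobject]@{
            Path               = $p
            NoDriveTypeAutoRun = $drive
            NoAutorun          = $inf
            AllDrivesDisabled  = ($drive -eq 0xFF) -and ($inf -eq 1)
        }
    }
}

function Disable-AutoRun {
    # Sets the policy values so no drive type auto-runs and autorun.inf is ignored.
    foreach ($p in $policyPaths) {
        if (-not (Test-Path $p)) { New-Item -Path $p -Force | Out-Null }
        Set-ItemProperty -Path $p -Name NoDriveTypeAutoRun -Value 0xFF -Type DWord
        Set-ItemProperty -Path $p -Name NoAutorun -Value 1 -Type DWord
    }
    # Also clear the per-user AutoPlay checkbox so media handlers do not prompt.
    $ap = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers'
    if (-not (Test-Path $ap)) { New-Item -Path $ap -Force | Out-Null }
    Set-ItemProperty -Path $ap -Name DisableAutoplay -Value 1 -Type DWord
}

Get-AutoRunState | Format-Table -AutoSize   # state before the change
Disable-AutoRun
Get-AutoRunState | Format-Table -AutoSize   # AllDrivesDisabled should now be True
```

Explorer picks up the policy values on the next logon; the same two values can be pushed domain-wide through Group Policy rather than per machine.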