Re: NSE Infrastructure: Eliminate script.db

[Kris Katterjohn <katterjohn () gmail com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Brandon Enright wrote:
| <pure_opinion tone="friendly">
|
| Hi Kris,
|
| I'm actually glad that NSE uses a DB index file rather than dynamically
| building the list.  The build may seem instantaneous now, but on a busy
| file system with lots of scripts the cost of dynamically loading the
| list every time Nmap runs could end up being very high.
|
| A perfect example of this problem is Nessus.  If you are running just
| one check oftentimes the script enumeration process takes longer than
| the scan itself.
|
| I have a system setup where when someone comes online unregistered, a
| very small targetted Nmap and Nessus scan are run against them.  At the
| start of the school year this can mean thousands of individual
| Nmap/Nessus invocations an hour during a time when the disk is
| basically pegged.  The _only_ way I was able to get Nessus to respond
| fast enough was to removal all unused scripts in the directory and
| solve all of the script dependencies by hand.  I'd hate to have to do
| the same with Nmap.
|
| I know when you profile code you typically focus on repeated routines
| rather than startup costs but I'm very glad Nmap uses the DB approach
| over beating the filesystem to death every time it starts.
|
| I think it is quality design decisions like this and good code that
| keep people like you and I still interested in developing on Nmap.  The
| same could not be said for Nessus or many other open source projects
| that have trouble getting developers or fighting off the rumblings of
| "fork it".
|
| Brandon
| </pure opinion>
|

Hey Brandon,

Thanks for the considerate and detailed response I always associate with
you.

I imagined the DB was there for the very reason you describe; however, I
do like to at least get my opinions out on the list just in case :)

I never have more than a few computers on a LAN to play around with, so
I never need (and am never able) to do massive scans or tests with Nmap
(or anything other tool for that matter).  Unfortunately, this hinders
my judgement on how things "should" be (though I try never to say
anything absolute because I know my experiences are *very* limited
compared to power users like you).

I've smacked my forehead many times after reading responses to some
emails I've sent to lists :)

Thanks again,
Kris Katterjohn

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQIVAwUBR+gya/9K37xXYl36AQLLtQ//aCgmy1Uu5RwpWKjp5ClYVuYxF6NtiPY8
FMQZ5rF+guTYxspJoYtHCel+OfPMS9Y9Bcn/bkUjBUSFAIa341cogg7OqEuk5Va8
4mq7mkVRcBaWJ6QwoOH1KLIzfo1KrJJlnOQUKlOru98jBddB/aCCCFrsJ53Ai5lM
8ldv46CMK0pq6zGIEG1FDEliqWkA4Q4DX+VDycTdcqys6DFiQdvm5jSPapN3v/j5
jDMaxi68QaCO2b4rRrfskG5KGmcpH/Uo6ssb+zulIMe6nV/nu5amP8MazQZ5ZVqp
Xf1a50dpm94Zhlfjm+y7dLYcDyNuNwSAdrzJVFJVBYZfTRroQimZcBgzvgbB9N0J
wyW3KzRqkZ8L2Wsbrcdd3YphKoqiUB0cVFLSjxi4lsy86ppo+oQdmm8lz7a1+Avl
yFcS3nUHmnZCSKJNM8wOyEgqRSiBKPuiimzfyOa4Z55RlMvZdZdv3zZKb87XeJS6
wY38vc01SSVDGy19VP3/cKeYq657+BDq5Hvjhxp9ksMUpvhdNH/oszwE/gQihzyA
rTG4RG85EOzh8kJOBifr+HmAaojJl0kBD87YVb6a3EIDLIOHL8AIRlsrn5iDyJYW
AwJGzcedNjkFAnR/h/0fL0xTlkrlLmQey97Me/xpqQrjXCHY5txDWe+EPAIzByCv
KSJMmMPeRFc=
=8snH
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org