Hello, 2010-06-29 17:11 keltezéssel, Martin Holste írta:
My initial concern with the format of the pattern-db XML is with the CLSID-style ID's. I understand the advantages of CLSID's, but it is very expensive to create database indexes on them because of their enormous length. I would prefer to have an integer ID in the pattern XML somewhere. Other opinions?
Well, the current solution is the only guarantee, that the IDs are uniq. In my own rules I use a different naming for IDs, to make it more human readable. I use a combination of my nick name, program name and a number. For example: <ruleset name='sshd' id='czp-sshd'> <rule provider='CzP' id='czp-sshd-1' class='violation'> <rule provider='CzP' id='czp-sshd-2' class='system'> This is a way shorter than IDs in the sample database. And when used in a config file, it is a lot more easy to read. Of course, it is far from perfrect, but a lot more convenient. Bye, CzP