October 8, 2009
StepSqlite and the iPhone
StepSqlite is a service provided by Metatranz, LLC. It claims to be a compiler for PL/SQL code that you can compile to run against SQLite. This compiled code is supposed to be able to run on an iPhone or Linux, with other platforms upcoming.
The way it works is that you submit your PL/SQL code via a browser to be compiled. The compilation happens and then you are presented with links to download the C++ header file and a .so library file.
This sounds great, but I have concerns. I state these with the belief that those involved with the project are honest and upright people and that Metatranz is an honorable company. Nevertheless, there are a few things that might keep me from using the service if I were responsible for security at a bank or some other institution that would be tracking secure data.
- How can I prove, for security requirements purposes, not because I think that this service is malicious, that the code that was sent in is the code that is executing without added backdoors, viruses, outbound socket connections, etc.?
- How do I know that the code is compiled to run efficiently?
Given these concerns, it would be great if Metatranz open sourced their compiler code under the BSD or other appropriate license so that it could be evaluated. Also, that would allow for someone to verify the security of the .so produced without decompiling it.
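One check a reviewer can run on a delivered .so without decompiling it is to list what the library imports and flag networking or runtime-loading calls. The sketch below is an added example, not code from this post or from Metatranz; it assumes the Linux build is a 64-bit little-endian ELF, and the API lists, function names and sample image are constructed for illustration.

```python
import struct

# Imports that let a library open network connections, or load code at runtime
# and so hide such calls from the import table (list is an assumption, extend it).
NETWORK_APIS = {"socket", "connect", "send", "sendto", "recv", "recvfrom",
                "getaddrinfo", "gethostbyname"}
LOADER_APIS = {"dlopen", "dlsym", "syscall"}
SHT_DYNSYM, SHT_STRTAB, SHN_UNDEF = 11, 3, 0
SHDR = "<IIQQQQIIQQ"   # Elf64_Shdr: name type flags addr offset size link info align entsize

def undefined_imports(elf: bytes) -> list:
    """Names a 64-bit little-endian ELF expects other libraries to provide."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 1:
        raise ValueError("not a 64-bit little-endian ELF file")
    shoff, = struct.unpack_from("<Q", elf, 0x28)               # e_shoff
    shentsize, shnum = struct.unpack_from("<HH", elf, 0x3A)    # e_shentsize, e_shnum
    sections = [struct.unpack_from(SHDR, elf, shoff + i * shentsize) for i in range(shnum)]
    names = []
    for sec in sections:
        if sec[1] != SHT_DYNSYM:
            continue
        off, size, str_off = sec[4], sec[5], sections[sec[6]][4]  # sh_link -> .dynstr
        for pos in range(off, off + size, 24):                    # sizeof(Elf64_Sym)
            st_name, _, _, st_shndx = struct.unpack_from("<IBBH", elf, pos)
            if st_shndx == SHN_UNDEF and st_name:
                start = str_off + st_name
                names.append(elf[start:elf.index(b"\0", start)].decode())
    return names

def audit(elf: bytes) -> dict:
    """Split the import table into the two groups a reviewer should question."""
    imports = set(undefined_imports(elf))
    return {"network": sorted(imports & NETWORK_APIS),
            "loader": sorted(imports & LOADER_APIS)}

def build_sample() -> bytes:
    """Constructed minimal ELF64 image: imports malloc and connect, defines run_proc."""
    strtab = b"\0malloc\0connect\0run_proc\0"
    sym = lambda name, shndx: struct.pack("<IBBHQQ", strtab.index(name), 0x12, 0, shndx, 0, 0)
    symtab = sym(b"", 0) + sym(b"malloc", 0) + sym(b"connect", 0) + sym(b"run_proc", 1)
    sym_off = 64 + len(strtab)
    shdr = lambda typ, off, size, link: struct.pack(SHDR, 0, typ, 0, 0, off, size, link, 0, 0, 0)
    header = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 3, 62, 1, 0, 0, sym_off + len(symtab), 0, 64, 0, 0, 64, 3, 0)
    return (header + strtab + symtab + shdr(0, 0, 0, 0)
            + shdr(SHT_DYNSYM, sym_off, len(symtab), 2) + shdr(SHT_STRTAB, 64, len(strtab), 0))

if __name__ == "__main__":
    print(audit(build_sample()))
```

An empty result narrows the question but does not prove the library is clean: statically linked code or raw system calls never appear in the import table, which is why anything in the `loader` group deserves the same scrutiny as a direct `connect`.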
I think PL/SQL on the iPhone would be great.