RE: two instance -- one database

From: Rich Jesse <>
Date: Wed, 24 Sep 2008 12:15:58 -0500 (CDT)
Message-ID: <45045.>

> I think that COTS applications always have unique concerns. I should have
> been clearer that this is an in-house built app.
> But that's a very interesting scenario and approach. Thanks for sharing
> that. I have two questions. Do you include SELECT in DML, sometimes it is
> and.. If you control INS/UPD/DEL via the view only database, I guess that's
> fine, but do you force selects too?

No I don't include SELECT in the category of "DML" since it's not Manipulating anything. I can see restricting the tables from which queries are run being a future requirement, but for now SELECT is wide open.

> Second, why choose to not create any other schemas in our production? You're
> attempting to overcome a security deficiency in the prod database, why not
> create the Gatekeeper schema there? Seems like an aesthetic decision more
> than a practical one.

I'm not sure I follow you. The GRANTs are to PUBLIC, which is a special role that cannot be revoked. How would the gatekeeper prevent access other than perhaps a complex web of triggers?


Received on Wed Sep 24 2008 - 12:15:58 CDT

Original text of this message