Oracle FAQ Your Portal to the Oracle Knowledge Grid

Home -> Community -> Usenet -> c.d.o.misc -> Re: Where to do Data Validation?

Re: Where to do Data Validation?

From: DA Morgan <>
Date: Tue, 20 Nov 2007 19:03:38 -0800
Message-ID: <>

Brian Tkatch wrote:

> Other then the redundant "Data is data is data.", i disagree with
> everything you just wrote.

And your background in IT upon which you base this disagreement is?

>> Databases hold data in logical structures called tables.
>> The data they hold can either have meaning or not have meaning.
>> If the intent is for it to have meaning that meaning must be defined
>> and constrained within the structure of the database.
>> An external application can never guarantee the integrity of data
>> whether or not it may be metadata to another system.

> As a component of a controlled environment, however, it can.

There is no such thing as a controlled environment: Wake up!

>>>> In no case can a validation in a front-end or tool protect data in a
>>>> database from corruption ... EVER ... unless the quality of the data
>>>> is guaranteed by the database itself.
>>> Although, i would promote that statement as encouragement, it is not
>>> correct. In a controlled environment, the UI can be made to be the
>>> only path of data entry, as such, it can do the data integrity
>>> checking.
>> Nonsense: Total and complete nonsense. All Oracle databases have
>> SQL*Plus and thus a means of accessing the data without the UI.

> And without a username this does what?

One does not need a username to break in. Do you think locks on car doors prevent auto theft too?

>>> In many cases, and sadly most cases i have seen, the DB is merely a
>>> convenient place to store data, and basically all checking was done in
>>> the UI code.
>> Sadly is not the word I would use. What you are saying is that because
>> bad practices exist in some organizations they should be accepted. Some
>> of us aim a bit higher.

> And what you are saying is that because bad practices exist in some
> organizations they should pretend they do not exist. Some of us aim a
> bit more realistically.

You are the poster child for bad practices at the moment. What I am saying is that your employer needs to be protected from you. You are telling us that because the money is stored in a vault we don't need to worry about a bank robbery. You are promoting a fantasy.

>>> And that was what the programmers wanted.
>> And programmers make these decisions? Programmers? You've got to be
>> kidding.

> Umm, perhaps you need to leave you ivory tower and see the real world.
> I'm not saying it should be like this, i'm saying it is like this.

Nonsense. Absolute nonsense. If that is what it is like where you work I would guess that is probably true given that they hired you and no doubt have hired others like you.

But if you think that is what it is like at, AT&T, Boeing, T-Mobile, Washington Mutual Bank, Matsushita, etc. etc. etc. you are in need of a 12 step program.

>>>> Putting validation into the application will never, EVER, keep someone
>>>> with SQL*Plus from destroying it.
>>> Unless it is a controlled environment.
>> There is no such thing and, in fact, is impossible to build. If you can
>> find a single computer system, running Oracle, that does not have
>> administrative access I'd like to hear about it.

> And i would just as well keep you ignorant of it. Who knows what you
> would do!


would be a good first step.

Daniel A. Morgan
Oracle Ace Director & Instructor
University of Washington (replace x with u to respond)
Puget Sound Oracle Users Group
Received on Tue Nov 20 2007 - 21:03:38 CST

Original text of this message