| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Usenet -> c.d.o.server -> Re: Oracle NULL vs '' revisited
On Aug 21, 11:40 am, DA Morgan <damor..._at_psoug.org> wrote:
> euan.gar..._at_gmail.com wrote:
> >> Consider this for example. In a US medical environment with patient data
> >> HIPAA, federal law, requires that SELECT statements be audited. We have
> >> been able to do that in Oracle for years. InSQL Serverit is still
> >> impossible. Something that won't be fixed until at least 2009. If I
> >> tried to put together a page of all differences I would need months just
> >> to catalog the differences.
>
> > I'm sorry you lose again, I suggest you review SQL Trace with the C2
> > option which has been available sinceSQL Server2000.
>
> Try again:
>
> "whileSQL Server2000 can indicate which user might have updated a
> table, it cannot capture the actual content of the update. Still,SQLServer2000 does conform with the C2-level auditing required by certain
> government users."http://www.itworld.com/AppDev/136/ITW010305talmage/
>
> Next go to:http://www.microsoft.com/technet/prodtechnol/sql/2000/maintain/sqlc2....
> and scroll down to:
> "List of Auditable Events"
>
> If you are going to comment on a product ... take the time to learn
> something about it. According to Microsoft it can not meet HIPAA based
> on what is published on their website.
> --
> Daniel A. Morgan
> University of Washington
> damor..._at_x.washington.edu (replace x with u to respond)
> Puget Sound Oracle Users Groupwww.psoug.org
These are always such fun.
You said:
"...requires that SELECT statements be audited. We have been able to do that in Oracle for years. InSQL Serverit is still impossible..."
And now you want to have a conversation about updates. I never said that C2 was the answer to HIPAA I said it was the answer to select audits. If you want to discuss a HIPAA solution, thats going to involve trace and some other technologies, its a bit ugly depending on the implementation and in fact C2 would likey be overkill for HIPAA but as I am not a HIPAA expert I can't comment. There is however http://www.lumigent.com/products/auditdb.html which is an elegant solution for SQL Server, Oracle and others (which I noticed you dropped in your reply) and mentions HIPAA specifically.
Needless to say there are plenty of orgs using SQL Server that are subject to HIPAA, just as I am sure there are plenty using Oracle, DB2 and other database platforms.
I'm willing to acknowledge that Oracle and IBM have a place in the database industry and that my lack of knowledge and experience with them in recent years means I should refrain from commenting deeply on their functionality/solution areas, it seems once again you are unwilling to take the same position regarding SQL Server.
As always looking forward to the next round.
-Euan Received on Tue Aug 21 2007 - 16:49:42 CDT
 |
 |