Re: OOP - a question about database access

From: Costin Cozianu <c_cozianu_at_hotmail.com>
Date: Fri, 07 Nov 2003 06:30:28 -0800
Message-ID: <bogabu$1dmsv4$1@ID-152540.news.uni-berlin.de>

>>
>> If recognized OO writers show this "understanding" of the data
>> management issues, imagine the rest.

>
> The above comments from Bob do not have any relation to "data management
> issues". Why would a database be a good place to validate text from an
> input field, wouldn't it make everyone's life a lot easier if data were
> validated before making a write to a DB?

Well, just because you typically *have to* do it in three places

First in the client (JavaScript)
Second in the middle tier (ASP.NET, Java, etc. )
Have it as a constraint defined in the database.

Any solution less than all three is pretty much guaranteed to be a bad solution

The first is absolutely required because tou want to help the user get the feedback faster. The second is is required cause if you rely just on the first onte, you're terribly exposed to hackers, also because you may take intelligent action (at the very least log that somebdoy bypasses the JavaScript, maybe it;s a hacker or maybe it;s a bug in your app, the third is absolutely required in case the first two failed (the field may not only be updated from one place/ one app), the database designer has an absolute responsibility to *enforce* data integrity as much as possible and practical. The third also helps find the bugs during the lifetime cycle of the app (development/qa/production).

I'm surprised how many people do not know the above rule.

Best,
Costin Received on Fri Nov 07 2003 - 08:30:28 CST