RE: Database Change Control Process

From: Patterson, Joel <>
Date: Wed, 26 Feb 2014 10:45:38 -0500
Message-ID: <C1117B1AA0340645894671E09A7891F715F34CFF30_at_EIHQEXVM2.ei.local>

Hmmm. That is an interesting take. In our production environment anyway, no-one but the head developer or designee was allowed in.

Originally, only DBA's had the password or access, (so some **** developer could not change the code that was checked out before install), but we actually broke the schema into two schemas. Tables and DDL etc. became DBA territory, and the other schema was all the code. This sped things up by not having to involve DBA's in all the changes - which eliminated a lot of calls. --- but I digress.

From: [] On Behalf Of Nigel Thomas Sent: Wednesday, February 26, 2014 9:31 AM To:
Cc: Oracle-L Group
Subject: Re: Database Change Control Process

Git (with suitable configuration) supports the ident attribute, which results in $Id...$ being replaced not with a version or revision number like CVS or SVN, but with a SHA1 hash of the file (which you can then match back to specific file versions). The hash is a little less developer friendly than a revision or version number but it does aid verification. The issue for database objects is that some **** developer may have edited your code in place; so whether you use a CVS version, SVN revision or Git hash, you can only truly verify the code is valid by comparing it with the authorised version.

I guess it might at least be feasible to build a package that reads from USER_SOURCE (I am thinking mainly about stored routines) and calculates the SHA-1 hash; it can compare it with the presented hash to ensure the routine hasn't been interfered with. That's something you couldn't do so easily with version numbers, especially if the version control repository isn't accessible from the database server.


Regards Nigel

On 26 February 2014 14:11, William Robertson <<>> wrote:

I recently learned that Git does not have this feature, and that the whole idea is regarded as somewhat passť by 3GL developers who can only conceive of compiling executables from a directory structure. I can't find it now but one discussion on Stackexchange linked to some comments from Thorvalds about how trivial it was to find the version of something without it <remainder snipped...>

Joel Patterson
Sr. Database Administrator | Enterprise Integration
Phone: 904-928-2790 | Fax: 904-733-4916<>


[]<> [] <!/entint> [] <> [] <>
This message (and any associated files) is intended only for the use of the addressee and may contain information that is confidential, subject to copyright or constitutes a trade secret. If you are not the intended recipient, you are hereby notified that any dissemination, copying or distribution of this message, or files associated with this message, is strictly prohibited. If you have received this message in error, please notify us immediately by replying to the message and deleting it from your computer. Messages sent to and from us may be monitored. Any views or opinions presented are solely those of the author and do not necessarily represent those of the company. [v.1.1] --
Received on Wed Feb 26 2014 - 16:45:38 CET

Original text of this message