Re: Archaic Table Names. Frowned upon Synonyms

This was the reply I sent to adrian.hodson_at_wanadoo.fr when he indicated the same thing:

The extra security provided by meaningless names is not something I would rely on, but it can deter invalid internal access, and delay external access to your data. Possibly giving you enough time to identify the access attempts through auditing.

If you had over a thousand tables in the database – each with 10 column names that also have no meaning – I believe it would take a lot more than 5 minutes to work out where something specific in the database is. You would need some form data dictionary, inside knowledge or luck. While I was at both banks – even people who had worked on the system for years did not know what a large number of the tables were used for.

These types of names add no security in an environment like SAP – as the core tables are the same across all installations, but do where details are not published and the naming standards are created in house.

For a PeopleSoft type system however, it does not take long to work out what a table is used for or what each column means. In that type of environment it would a person only 5 minutes to find what they are looking for.

Cheers, Doug

-----Original Message-----
From: Adrian Hodson [SMTP:adrian.hodson_at_wanadoo.fr]

Marc Fleischeuers wrote in message ...
>"Doug Carter" <dcarter_at_tui.com.au> writes:
>
>> I've worked at two banks now - and both had this type of environment. As
>> long as a concise data dictionary is kept, I see no problem with it.
 While
>> debugging etc can be a little more difficult the security offered by
 names
>> like that are well worth it.
>
>Would that be security through obscurity? You are aware that this
>only gives a warm and fuzzy feeling that your data is safe?
>
>Marc
Received on Fri Mar 20 1998 - 00:00:00 CET