Re: session control

From: Sybrand Bakker <gooiditweg_at_sybrandb.demon.nl>
Date: Mon, 23 Dec 2002 09:30:40 +0100
Message-ID: <b6id0vokp07tlapnfqf4q9h2gmo2dnmrl4_at_4ax.com>

On 22 Dec 2002 09:49:37 -0700, dirish_at_arsmagna.com wrote:

>One idea that Sybrand did not mention is to move all of the data
>manipulation into a PL/SQL (or Java if that's your thing) module

You would still need to close the backdoor, would you? You don't want to know how many applications I have seen without real passwords, sys and system passwords never being changed, or even sys passwords being present hardcoded in kornshell scripts. And after all *anyone* with the DBA role (usually *all* developers) can do *anything*. So unless you have proper declarative RI in the database, or proper triggers in the database, if you are going to rely on pl/sql code only, you should be prepared for unpleasant surprises.

Sybrand Bakker, Senior Oracle DBA

To reply remove -verwijderdit from my e-mail address Received on Mon Dec 23 2002 - 09:30:40 CET

This message: [ Message body ]
Next message: DA Morgan: "Re: Brute Force Quickie Developer needs minor assistance finding code tool . . ."
Previous message: DA Morgan: "Re: Conditional Constraint?"
Maybe in reply to: pradip_chanda: "session control"
In reply to dirish_at_arsmagna.com: "Re: session control"
Next in thread: J Alex: "Re: Conditional Constraint?"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message