Re: writing files by pl/sql

From: Alex Filonov <afilonov_at_yahoo.com>
Date: 12 Feb 2003 10:50:37 -0800
Message-ID: <336da121.0302121050.49040262_at_posting.google.com>

DA Morgan <damorgan_at_exesolutions.com> wrote in message news:<3E4928C2.4D1F6DAE_at_exesolutions.com>...
> Alex Filonov wrote:
>
> > DA Morgan <damorgan_at_exesolutions.com> wrote in message news:<3E441C7D.2D7ECC64_at_exesolutions.com>...
> > > Alex Filonov wrote:
> > >
> > > > DA Morgan <damorgan_at_exesolutions.com> wrote in message news:<3E428C46.83307170_at_exesolutions.com>...
> > > > > Oliver Stratmann wrote:
> > > > >
> > > > > > Hello All,
> > > > > >
> > > > > > is there another way of writing files with a pl/sql-procedure than using the
> > > > > > utl_file-package?
> > > > > > is there a way of writing files with a pl/sql-procedure on a client-machine?
> > > > > >
> > > > > > thanks in advance!
> > > > > > oli
> > > > >
> > > > > There are other ways using C and Java.
> > > > >
> > > > > On the client? Undoubtedly if you wrap your own in C or Java but I've not seen
> > > > > anyone do it. And I'd never do it as it could be a huge security violation
> > > > > allowing data to walk out the door in diskette.
> > > >
> > > > Sorry, if data is available on the client machine (isn't it a goal of
> > > > client-server applications?) you can always cut and paste it to some
> > > > file, which can be then copied to diskette... :)
> > > >
> > > > There is no such thing as absolute security. And before you define
> > > > hardware/software security procedures, you need to determine which
> > > > people have access to which data. If you don't trust people, they
> > > > have no right to access data in any form, period.
> > > >
> > > > >
> > > > > Daniel Morgan
> > >
> > > One can always violate security one record field at a time. But there is a huge difference between cut
> > > and paste and SELECT * FROM ...
> > >
> >
> > Ever heard of reports?
> >
> > > Daniel Morgan
>
> No please tell me about them.
>
> Seriously ... of course. But reports are not data dumps unless someone is horribly confused about the
> purpose of a report. I've yet to see a report on a 500GB data warehouse that run the query SELECT * FROM ...
> though I've no doubt someone has implemented it somewhere.
>
> Daniel Morgan

Formatted report is bigger security concern than raw data. For example, every organization prints general ledger reports at least once a year, usually more often. In US, every organization prints tax reports. And, of course, initial post was about reports, even though poster didn't call them so. From programmer's point of view, every program with file output is a report.
Now, a dilemma. You either 1. Run, store and access reports on server only (perfect security, but what's the point, end users don't have access) or 2. Run, store and access reports on a client side (compromised security. In real world, it's usually combination of 1 and 2. Received on Wed Feb 12 2003 - 19:50:37 CET

This message: [ Message body ]
Next message: Gernot Ficker: "Re: DBA tools for Oracle 9i and 8i"
Previous message: Frank: "Re: FRM-92050: Failed to connect to the Server:/forms90/f90servlet:-1"
Maybe in reply to: Oliver Stratmann: "writing files by pl/sql"
In reply to DA Morgan: "Re: writing files by pl/sql"
Next in thread: Peter Morris: "Re: Personal Edition on XP"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message