Re: Identity Column
- From: sqlguru <sqlguru@xxxxxxxx>
- Date: Mon, 15 Jun 2009 06:43:53 -0700 (PDT)
On Jun 15, 8:37 am, "Tony Rogerson" <tonyroger...@xxxxxxxxxx> wrote:
> Interesting, so....
>
> string sql = "SELECT * FROM [users] WHERE id = @id;";
> IDataReader reader = DbUtility.GetReader(sql, "@id", id);
>
> When the user connects up to the database using Report Builder, Excel or
> any other product that can execute queries they can get all the rows and
> columns back from the [users] table.
>
> Hell - what; now that really is secure!
>
> Stored procedures every time where you need security.....

Tony, you let your lack of experience talk for you. I don't use "small
business tools" like Access, Report Builder, or Excel so I can't speak
for that.

We have enterprise applications that go through a standard DAL (DAL
per database, we get full object-oriented properties). We don't use
"small business report tools", we use enterprise industry standards
like Crystal Reports that already make use of already well-defined DAL
methods. The reports are already well defined for the end user, this
isn't Access...the end user should not be "creating" reports in an
enterprise environment.

The idea of using stored procedures for security is just a "cowboy
coder" technique. It's for beginner-level DBAs who have no idea about
server hardening or lockdowns so they resort to 1980s standards.
You're better off powering down your database servers.
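
Added example, not part of the thread or either poster's code: a T-SQL sketch of the two permission models being argued over, for a scratch SQL Server database. Only the [users] table comes from the thread; its columns, usp_GetUser, app_role and report_user are hypothetical names, and the rows are constructed.

```sql
-- Setup: the [users] table from the thread with constructed columns and rows.
CREATE TABLE dbo.[users] (
    id            int IDENTITY(1,1) PRIMARY KEY,
    name          nvarchar(100) NOT NULL,
    password_hash varbinary(64) NOT NULL
);
INSERT INTO dbo.[users] (name, password_hash)
VALUES (N'alice', 0x01), (N'bob', 0x02);
GO

-- Hypothetical procedure: returns one row and omits the hash column.
CREATE PROCEDURE dbo.usp_GetUser @id int
AS
    SET NOCOUNT ON;
    SELECT id, name FROM dbo.[users] WHERE id = @id;
GO

-- Hypothetical principal standing in for the credentials the application uses.
CREATE ROLE app_role;
CREATE USER report_user WITHOUT LOGIN;
EXEC sp_addrolemember 'app_role', 'report_user';
GO

-- Model A: the application sends "SELECT * FROM [users] WHERE id = @id".
-- Parameterization stops injection, but the principal still needs SELECT on
-- the table, so any client connecting with the same credentials can read
-- every row and column.
GRANT SELECT ON dbo.[users] TO app_role;
EXECUTE AS USER = 'report_user';
SELECT * FROM dbo.[users];        -- allowed: whole table, hashes included
REVERT;
GO

-- Model B: no table permission, EXECUTE on the procedure only. dbo owns both
-- objects, so ownership chaining skips the SELECT permission check inside the
-- procedure while a direct query against the table is refused.
REVOKE SELECT ON dbo.[users] FROM app_role;
GRANT EXECUTE ON dbo.usp_GetUser TO app_role;
EXECUTE AS USER = 'report_user';
EXEC dbo.usp_GetUser @id = 1;     -- allowed: one row, two columns
SELECT * FROM dbo.[users];        -- refused: permission error on the table
REVERT;
GO
```

Model A is only exposed where those credentials can actually be used from another client; restricting who holds them and where they can connect from is a separate control from the object permissions shown here.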