[AccessD] Data interface The best way

Shamil Salakhetdinov shamil at users.mns.ru
Fri Oct 14 16:38:55 CDT 2005 

> So what special purpose is then served by the sproc?
IMO they are now getting obsolete for CRUD operations.

You're right Charlotte, I think - in a modern N-tier architecture if one
gets Data Layer objects running on a well protected server then there is no
need in CRUD stored procedures. MS SQL database tables/views can be still
well protected and Data Layer objects will use Application Roles to do
whatever these Applications Roles are allowed to do with the database using
dynamic SQL....

And SQL injection attempts can be blocked on Business/Data Layer object
interfaces level...

Shamil

----- Original Message ----- 
From: "Charlotte Foust" <cfoust at infostatsystems.com>
To: "Access Developers discussion and problem solving"
<accessd at databaseadvisors.com>
Sent: Friday, October 14, 2005 11:55 PM
Subject: Re: [AccessD] Data interface The best way


> Swell, define dynamic SQL.  When it is compiled into a dll, is it still
> dynamic?  When your permissions to the back end are highly restricted
> and all the SQL is created in the dll, is it still dynamic?  I
> understand the capabilites of sprocs.  However, in an N-tier
> architecture, you can build some of that same capability into the middle
> tier and validate the data before it ever gets passed to the backend for
> handling.  So what special purpose is then served by the sproc?
>
> Charlotte Foust
>
>
<<< tail trimmed >>>

More information about the AccessD mailing list