[AccessD] Cascade-delete (was: Estimating Help)

Rocky Smolin - Beach Access Software bchacc at san.rr.com
Sun Feb 9 19:00:00 CST 2003 

Giving us a brand new definition of the word clueless.

Which renders the cascade delete setting irrelevant.  We're talking password
protected backend, no? Or encryption.

(Assuming a person who could go to the web and buy the password breaker to
get in is neither clueless nor innocent.)

Rocky

----- Original Message -----
From: "John W. Colby" <jcolby at colbyconsulting.com>
To: <accessd at databaseadvisors.com>
Sent: Sunday, February 09, 2003 12:34 PM
Subject: RE: [AccessD] Cascade-delete (was: Estimating Help)


> Yep.
>
> John W. Colby
> Colby Consulting
> www.ColbyConsulting.com
>
> -----Original Message-----
> From: accessd-admin at databaseadvisors.com
> [mailto:accessd-admin at databaseadvisors.com]On Behalf Of Rocky Smolin -
> Beach Access Software
> Sent: Sunday, February 09, 2003 2:38 PM
> To: accessd at databaseadvisors.com
> Subject: Re: [AccessD] Cascade-delete (was: Estimating Help)
>
>
> Would a clueless person be likely to rip thousands of record out of a
> database by going outside the app?
>
> Rocky
>
> ----- Original Message -----
> From: "John W. Colby" <jcolby at colbyconsulting.com>
> To: <accessd at databaseadvisors.com>
> Sent: Sunday, February 09, 2003 10:56 AM
> Subject: RE: [AccessD] Cascade-delete (was: Estimating Help)
>
>
> > What you are trying very hard to ignore is that the car can be stolen,
> that
> > the car can be legally borrowed by someone not intimately familiar with
> the
> > way it operates etc.
> >
> > I make no argument that turning off cascade delete magically locks up an
> > application, it doesn't.  However it does, absolutely and 100%
effectively
> > prevent a clueless person from ripping thousands of records out of the
db
> > with a single keystroke.  Your application is NOT the only way to get at
> the
> > data.  If it were your arguments might hold more water.  As it is, they
> leak
> > like a sieve.
> >
> > John W. Colby
> > Colby Consulting
> > www.ColbyConsulting.com
> >
> > -----Original Message-----
> > From: accessd-admin at databaseadvisors.com
> > [mailto:accessd-admin at databaseadvisors.com]On Behalf Of Gustav Brock
> > Sent: Sunday, February 09, 2003 1:43 PM
> > To: John W. Colby
> > Subject: Re: [AccessD] Cascade-delete (was: Estimating Help)
> >
> >
> > Hi John
> >
> > >>As a general note, it's the responsibility of a trusted user to not
pass
> > >>his/her access to an application to another user granted lower
> > >>rights to that application and its data.
> >
> > > That's about like the car company saying "it's the responsibility of
the
> > > driver not to have an accident", when faced with liability for not
> > providing
> > > safety mechanisms.  Absolutely true, but completely irrelevant.
> >
> > No it's not like that. It's like a father passing the car keys to his
> > twelve year old son. That's not the responsibility of the car
> > manufacturer.
> >
> > As a user with admin rights you left your application free to use by a
> > non skilled user with no admin rights - no developer can prevent that
> > other than secure every single operation with some kind of
> > authorization like a request for a password or a fingerprint. Such a
> > system is relevant for applications launching nuclear fireworks and the
> > like but not for the daily work with business applications.
> >
> > For specific and seldom operations, however, it can be OK; I have seen
> > an accounting application which asked you to type in D-E-L-E-T-E to
> > approve you really wanted to delete a financial year and all its data.
> >
> > Reading Rocky's post on this, it's something like that he's talking
> > about.
> >
> > /gustav
> >
> > _______________________________________________
> > AccessD mailing list
> > AccessD at databaseadvisors.com
> > http://databaseadvisors.com/mailman/listinfo/accessd
> > Website: http://www.databaseadvisors.com
> >
> >
> >
> > _______________________________________________
> > AccessD mailing list
> > AccessD at databaseadvisors.com
> > http://databaseadvisors.com/mailman/listinfo/accessd
> > Website: http://www.databaseadvisors.com
> >
>
>
> _______________________________________________
> AccessD mailing list
> AccessD at databaseadvisors.com
> http://databaseadvisors.com/mailman/listinfo/accessd
> Website: http://www.databaseadvisors.com
>
>
>
> _______________________________________________
> AccessD mailing list
> AccessD at databaseadvisors.com
> http://databaseadvisors.com/mailman/listinfo/accessd
> Website: http://www.databaseadvisors.com

More information about the AccessD mailing list