[AccessD] Data interface The best way

Jim Lawrence accessd at shaw.ca
Fri Oct 14 19:04:33 CDT 2005 

Shamil, the other technique is to have secret passwords embedded in the
compiled FE (dll/executable) code and in theory that should eliminate
hostile attacks.

Here is a good article on CRUD:
http://www.databasejournal.com/features/mssql/article.php/3082201

Jim  

-----Original Message-----
From: accessd-bounces at databaseadvisors.com
[mailto:accessd-bounces at databaseadvisors.com] On Behalf Of Shamil
Salakhetdinov
Sent: Friday, October 14, 2005 2:39 PM
To: Access Developers discussion and problem solving
Subject: Re: [AccessD] Data interface The best way

> So what special purpose is then served by the sproc?
IMO they are now getting obsolete for CRUD operations.

You're right Charlotte, I think - in a modern N-tier architecture if one
gets Data Layer objects running on a well protected server then there is no
need in CRUD stored procedures. MS SQL database tables/views can be still
well protected and Data Layer objects will use Application Roles to do
whatever these Applications Roles are allowed to do with the database using
dynamic SQL....

And SQL injection attempts can be blocked on Business/Data Layer object
interfaces level...

Shamil

----- Original Message ----- 
From: "Charlotte Foust" <cfoust at infostatsystems.com>
To: "Access Developers discussion and problem solving"
<accessd at databaseadvisors.com>
Sent: Friday, October 14, 2005 11:55 PM
Subject: Re: [AccessD] Data interface The best way


> Swell, define dynamic SQL.  When it is compiled into a dll, is it still
> dynamic?  When your permissions to the back end are highly restricted
> and all the SQL is created in the dll, is it still dynamic?  I
> understand the capabilites of sprocs.  However, in an N-tier
> architecture, you can build some of that same capability into the middle
> tier and validate the data before it ever gets passed to the backend for
> handling.  So what special purpose is then served by the sproc?
>
> Charlotte Foust
>
>
<<< tail trimmed >>>

-- 
AccessD mailing list
AccessD at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/accessd
Website: http://www.databaseadvisors.com

More information about the AccessD mailing list