MartyConnelly
martyconnelly at shaw.ca
Sat Nov 11 17:21:00 CST 2006
Could you not give them a development or sandbox copy of the database for them to bang away at. Or even a MSDE 2.0 personal copy. When their code goes to production tests convert the SQL to SProcs. Liz Doering wrote: >Dear SQL Server List, > >It is no doubt due to lurking on this list that I have now landed myself in >the kettle of soup I'm in. > >Two weeks ago, I was a all-Access developer at a tiny almost-all-Access >shop. Now I am the SQL Server DBA on a new project internal to Wells Fargo. >That I was able to stumble through the interview satisfactorily was due to >you folks having put enough concepts in my head so that I could avoid >sounding like a complete idiot. > >Of course, now that I've been on the job for a week, the veneer of knowledge >is looking thinner and thinner, and the number of questions I can't answer >is growing daily. > >Here's the most recent poser: They're using SmallTalk for this project, >which is actually a major extension of another application which has been in >use for 10+ years. They are devoted to using Windows authentication. The >developers would like SmallTalk to be able to run SQL statements directly >from their code, however, they can only do that if the logged-in user has >such rights. Which raises the specter of a savvy user running random SQL >statements directly against the database. The solution has been to disallow >running any "unapproved" SQL statements by requiring that only sprocs can be >run, but the development team isn't happy with that solution, so they are >asking me for alternatives. > >I'm getting more confused as I write this, so I'll guarantee you that there >are questions I don't know enough to ask. Can you recommend some reading for >me? Do any of you have any specific ideas for this problem? > >Thanks so much! Hopefully I'll be wise enough to contribute here >eventually! > > >Liz > > > >_______________________________________________ >dba-SQLServer mailing list >dba-SQLServer at databaseadvisors.com >http://databaseadvisors.com/mailman/listinfo/dba-sqlserver >http://www.databaseadvisors.com > > > > > -- Marty Connelly Victoria, B.C. Canada