On Sun, Feb 08, 2004 at 11:24:56PM -0800, Josh Berkus wrote:
> The problem with this approach, of course, is that large application
> developers generally like to make the database fairly "passive" and put all
> business & security logic in the middleware. I do think it would be useful
> for them to realize that they are sacrificing a significant portion of their
> data security by doing so.
Perhaps what would be best is some kind of a 'best practices' guide.
There's far more that people should consider beyond just quoting
strings; Josh's example is just one thing.
If written carefully, such a guide could serve both experienced DBAs as
well as people who are very new to databases, since every database has
it's own prefered way of doing things.
--
Jim C. Nasby, Database Consultant jim@nasby.net
Member: Triangle Fraternity, Sports Car Club of America
Give your computer some brain candy! www.distributed.net Team #1828
Windows: "Where do you want to go today?"
Linux: "Where do you want to go tomorrow?"
FreeBSD: "Are you guys coming, or what?"