BA372 Stored Procedures and Triggers Lab. What needs to be done to change a customer’s credit...
Uploaded by mercy-reynolds
BA372 Stored Procedures and Triggers Lab
What needs to be done to change a customer’s credit limit?
• Who am I?
  – Get the user name from the system. Windows handles this when it connects to the DB.
• May I?
  – A database lists users in roles. This role is called ChgClientCreditLimit.
  – if ( (Select count(*) where Person, Role) > 0) OK
• Do it
  – Update Clients Set CreditLimit=? , this customer
• Log it
  – Worked? Remember what was done by whom.
  – Forbidden? Remember who tried.
• Display
  – Tell the user what happened
Scenario 1 – Client Heavy
C#.Net
• Connect, Authenticate, Check for success
• Specify authorization parameters
  – Specify tables, columns, and SQL
  – Execute and check success
• Specify update parameters
  – Specify tables, columns, and SQL
  – Execute and check success
• Specify logging parameters
  – Specify tables, columns, and SQL
  – Execute and check success
• Specify Results parameters
  – Specify tables, columns, and SQL
  – Execute and check success
• Display results
DB Server
• ‘Blindly’ perform SQL instructions
3 pages of C# code with embedded table/column names, authorization rules, and business logic
Scenario 2 – Stored Proc
C#.Net
• Connect, Authenticate, Check for success
• Specify authorization parameters
  – Specify tables, columns, and SQL
  – Execute and check success
• Specify update parameters
  – Specify tables, columns, and SQL
  – Execute and check success
• Specify logging parameters
  – Specify tables, columns, and SQL
  – Execute and check success
• Specify Results parameters
  – Specify tables, columns, and SQL
  – Execute and check success
• Display results
DB Server
• Stored Procedure ChgClientCreditLimit
• Exec Stored Proc
Half the C# code but involved DB procedure code: authorization logic, logging functions, and table/column details are not included in the C# program
Scenario 3 – Proc + Trigger
C#.Net
• Connect, Authenticate, Check for success
• Specify authorization parameters
  – Specify tables, columns, and SQL
  – Execute and check success
• Specify update parameters
  – Specify tables, columns, and SQL
  – Execute and check success
• Specify logging parameters
  – Specify tables, columns, and SQL
  – Execute and check success
• Specify Results parameters
  – Specify tables, columns, and SQL
• Display results
DB Server
• Stored Procedure ChgClientCreditLimit
• Database Trigger Logs the Activity
• Exec Stored Proc
• Trigger Fires Automatically
Logging is moved into a trigger. Changes are logged no matter how the updates are made: code, proc, or utility
In our lab, authorization is also moved to its own proc, AuthCheck, which logs denied attempts
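Scenario 3 in T-SQL, as an added example that is not the lab's own code: AuthCheck logs denied attempts, ChgClientCreditLimit performs the update, and a trigger logs every change however it is made. Only Clients, CreditLimit, AuthCheck and ChgClientCreditLimit are named on the slides; the UserRoles and AuditLog tables, the ClientID column, the trigger name and the use of ORIGINAL_LOGIN() for the Windows login are assumptions.

```sql
-- Assumed schema; GO is the batch separator used by sqlcmd/SSMS.
CREATE TABLE Clients (ClientID INT PRIMARY KEY, CreditLimit DECIMAL(12,2) NOT NULL);
CREATE TABLE UserRoles (Person SYSNAME NOT NULL, [Role] SYSNAME NOT NULL, PRIMARY KEY (Person, [Role]));
CREATE TABLE AuditLog (
    LogID INT IDENTITY PRIMARY KEY,
    LoggedAt DATETIME2 NOT NULL DEFAULT SYSUTCDATETIME(),
    Person SYSNAME NOT NULL, Activity NVARCHAR(200) NOT NULL,
    ClientID INT NULL, OldLimit DECIMAL(12,2) NULL, NewLimit DECIMAL(12,2) NULL);
GO
-- "Who am I?" / "May I?": identity comes from the connection, never from a parameter.
CREATE PROCEDURE AuthCheck @Role SYSNAME, @Allowed BIT OUTPUT AS
BEGIN
    SET NOCOUNT ON;
    SET @Allowed = CASE WHEN EXISTS (SELECT 1 FROM UserRoles
        WHERE Person = ORIGINAL_LOGIN() AND [Role] = @Role) THEN 1 ELSE 0 END;
    IF @Allowed = 0  -- "Forbidden? Remember who tried"
        INSERT INTO AuditLog (Person, Activity) VALUES (ORIGINAL_LOGIN(), N'DENIED: ' + @Role);
END;
GO
-- "Do it" and "Display": table and column names live here, not in the C# client.
CREATE PROCEDURE ChgClientCreditLimit @ClientID INT, @NewLimit DECIMAL(12,2) AS
BEGIN
    SET NOCOUNT ON;
    DECLARE @ok BIT;
    EXEC AuthCheck @Role = N'ChgClientCreditLimit', @Allowed = @ok OUTPUT;
    IF @ok = 0
    BEGIN
        RAISERROR(N'Not authorized to change credit limits.', 16, 1);
        RETURN 1;
    END;
    UPDATE Clients SET CreditLimit = @NewLimit WHERE ClientID = @ClientID;
    SELECT ClientID, CreditLimit FROM Clients WHERE ClientID = @ClientID;
END;
GO
-- "Log it": fires for the proc, for ad hoc SQL and for utilities alike; set-based for multi-row updates.
CREATE TRIGGER trg_Clients_CreditLimit ON Clients AFTER UPDATE AS
BEGIN
    SET NOCOUNT ON;
    IF NOT UPDATE(CreditLimit) RETURN;
    INSERT INTO AuditLog (Person, Activity, ClientID, OldLimit, NewLimit)
    SELECT ORIGINAL_LOGIN(), N'CreditLimit changed', d.ClientID, d.CreditLimit, i.CreditLimit
    FROM deleted AS d JOIN inserted AS i ON i.ClientID = d.ClientID
    WHERE i.CreditLimit <> d.CreditLimit;
END;
GO
-- The only call the client has to make (constructed sample values):
EXEC ChgClientCreditLimit @ClientID = 1, @NewLimit = 5000;
```

The trigger records changes made outside the proc, but the authorization check only runs for callers that go through ChgClientCreditLimit, so direct UPDATE permission on Clients still has to be withheld from ordinary users.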
Things to Ponder
• Which solution has the most cohesive modules?
• How is data independence affected?
• Heterogeneity: Web? Automated? Mobile?
  – What will an interface programmer need to know?
• Reliability, performance, and control
  – DB locks, speed, memory, impact of an error, restoring data, cross-platform consistency
  – Compare the security of a single logging proc and auth proc vs. SQL in multiple code modules
Moving functionality from client, to web server, to DB code profoundly affects a variety of important issues. Which is best? IT DEPENDS