BA372 Stored Procedures and Triggers Lab. What needs to be done to change a customer’s credit...


What needs to be done to change a customer’s credit limit?

• Who am I?
  – Get the user name from the system. Windows handles this when it connects to the DB.

• May I?
  – A database lists users in roles. This role is called ChgClientCreditLimit.
  – if ( (Select count(*) where Person, Role) > 0) OK

• Do it
  – Update Clients Set CreditLimit=? , this customer

• Log it
  – Worked? Remember what was done by whom.
  – Forbidden? Remember who tried.

• Display
  – Tell the user what happened


Scenario 1 – Client Heavy

C#.Net

• Connect, Authenticate, Check for success
• Specify authorization parameters
  – Specify tables, columns, and SQL
  – Execute and check success
• Specify update parameters
  – Specify tables, columns, and SQL
  – Execute and check success
• Specify logging parameters
  – Specify tables, columns, and SQL
  – Execute and check success
• Specify Results parameters
  – Specify tables, columns, and SQL
  – Execute and check success
  – Display results

DB Server

• ‘Blindly’ perform SQL instructions

3 pages of C# code with embedded table/column names, authorization rules, and business logic


Scenario 2 – Stored Proc

C#.Net

• Connect, Authenticate, Check for success
• Specify authorization parameters
  – Specify tables, columns, and SQL
  – Execute and check success
• Specify update parameters
  – Specify tables, columns, and SQL
  – Execute and check success
• Specify logging parameters
  – Specify tables, columns, and SQL
  – Execute and check success
• Specify Results parameters
  – Specify tables, columns, and SQL
  – Execute and check success
  – Display results

DB Server

Half the C# code but involved DB procedure code: authorization logic, logging functions, and table/column details are not included in the C# program

Stored Procedure ChgClientCreditLimit

Exec Stored Proc


Scenario 3 – Proc + Trigger

C#.Net

• Connect, Authenticate, Check for success
• Specify authorization parameters
  – Specify tables, columns, and SQL
  – Execute and check success
• Specify update parameters
  – Specify tables, columns, and SQL
  – Execute and check success
• Specify logging parameters
  – Specify tables, columns, and SQL
  – Execute and check success
• Specify Results parameters
  – Specify tables, columns, and SQL
  – Display results

DB Server

Logging is moved into a trigger. Changes are logged no matter how the updates are made: code, proc, or utility

In our lab, authorization is also moved to its own proc, AuthCheck, which logs denied attempts

Stored Procedure ChgClientCreditLimit

Database Trigger Logs the Activity

Exec Stored Proc

Trigger Fires Automatically
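
The Scenario 3 arrangement sketched in T-SQL, as an added example that is not part of the original slides or the lab's own code. SQL Server syntax is assumed; Clients, CreditLimit, AuthCheck and ChgClientCreditLimit come from the slides, and every other table, column and trigger name is hypothetical.

```sql
-- Added example (SQL Server syntax assumed). Clients, CreditLimit, AuthCheck and
-- ChgClientCreditLimit are from the slides; all other names are hypothetical.
CREATE TABLE Clients (ClientID int PRIMARY KEY, CreditLimit money NOT NULL);
CREATE TABLE UserRoles (Person sysname, RoleName sysname, PRIMARY KEY (Person, RoleName));
CREATE TABLE CreditLimitLog (ClientID int, OldLimit money, NewLimit money,
    ChangedBy sysname DEFAULT ORIGINAL_LOGIN(), ChangedAt datetime2 DEFAULT SYSUTCDATETIME());
CREATE TABLE DeniedLog (Person sysname, RoleName sysname, TriedAt datetime2 DEFAULT SYSUTCDATETIME());
GO
-- "Who am I?" and "May I?": returns 0 when allowed, 1 when denied; denied attempts are logged.
CREATE PROCEDURE AuthCheck @RoleName sysname AS
BEGIN
    SET NOCOUNT ON;
    IF (SELECT COUNT(*) FROM UserRoles WHERE Person = ORIGINAL_LOGIN() AND RoleName = @RoleName) > 0
        RETURN 0;
    INSERT INTO DeniedLog (Person, RoleName) VALUES (ORIGINAL_LOGIN(), @RoleName);
    RETURN 1;
END
GO
-- "Log it": fires on every UPDATE of Clients, whether it came from code, proc, or utility.
CREATE TRIGGER trg_Clients_CreditLimit ON Clients AFTER UPDATE AS
BEGIN
    SET NOCOUNT ON;
    INSERT INTO CreditLimitLog (ClientID, OldLimit, NewLimit)
    SELECT d.ClientID, d.CreditLimit, i.CreditLimit
    FROM deleted AS d JOIN inserted AS i ON i.ClientID = d.ClientID
    WHERE i.CreditLimit <> d.CreditLimit;   -- log only rows whose limit actually changed
END
GO
-- "Do it" and "Display": the one call the client program makes.
CREATE PROCEDURE ChgClientCreditLimit @ClientID int, @NewLimit money AS
BEGIN
    SET NOCOUNT ON;
    DECLARE @rc int;
    EXEC @rc = AuthCheck @RoleName = N'ChgClientCreditLimit';
    IF @rc <> 0
    BEGIN
        RAISERROR(N'Not authorized to change credit limits.', 16, 1);
        RETURN 1;
    END
    UPDATE Clients SET CreditLimit = @NewLimit WHERE ClientID = @ClientID;
    IF @@ROWCOUNT = 0
    BEGIN
        RAISERROR(N'No such client.', 16, 1);
        RETURN 2;
    END
    SELECT ClientID, CreditLimit FROM Clients WHERE ClientID = @ClientID;  -- result shown to the user
    RETURN 0;
END
GO
```

With this layout the client login needs only EXECUTE permission on ChgClientCreditLimit, not UPDATE on Clients, provided the procedure and table share an owner so that ownership chaining applies.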


Things to Ponder

• Which solution has the most cohesive modules?
• How is data independence affected?
• Heterogeneity: Web? Automated? Mobile?
  – What will an interface programmer need to know?
• Reliability, performance, and control
  – DB locks, speed, memory, impact of an error, restoring data, cross-platform consistency
  – Compare the security of a single logging proc and auth proc vs. SQL in multiple code modules

Moving functionality from client, to web server, to DB code profoundly affects a variety of important issues. Which is best? IT DEPENDS