× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. July 2005

RE: Auditing of SQL Statements via STRSQL

Al,

> There is no way to audit SQL, but on the other hand, there
> is no way to
> audit an RPG program.

The big difference is that with a compiled program you have a much
higher level of assurance that the program is only doing what it was
originally written to do.  STRSQL statements are, by definition ad-hoc
and so the auditors see more of a need to audit them.  If part of your
point was that the person doing the STRSQL could just write an RPG
program instead, well you're right, but it isn't particularly relevant
here because:
1) In a controlled production environment people still have need to
audit "emergency fixes" to the data, so you have to have some auditable
method.
2) In a controlled production environment you'll have a hard time moving
that program into, and running it against, production libraries without
detection.
3) > Strikes me that the SOX people are just nuts.  :)

> We could always ask IBM for a way to audit any database
> change, but how
> much would you be willing to pay for that?  I don't think
> that this is a
> reasonable request.

We have this already - it's called Database Journaling.  And I am
continually surprised at both how many companies are using SOX as an
excuse to journal all DB changes regardless of the cost, and how many
companies swear it is too expensive to journal but then ask for a
solution that has all the properties of DB journaling.   It is my
contention that "Crazy" is actually a communicable disease, and because
"> Strikes me that the SOX people are just nuts", it seems that a lot of
IT people are becoming "nuts" too :)

> >From a SOX perspective, that could easily double the size
> of your system,
> and plausibly raise it to a high multiple.

Yes.  But if your auditors and lawyers are telling the CEO that he must
have this ability, and without it he could go to prison, my guess is
that the CEO is going to come up with the funds to double the size of
your systems - even if it is only because it:

> Strikes me that the SOX people are just nuts.

Just because they are nuts, doesn't mean that they won't win in the end.
:(

jte

--
John Earl | Chief Technology Officer
The PowerTech Group
19426 68th Ave. S
Seattle, WA 98032
(253) 872-7788 ext. 302
john.earl@xxxxxxxxxxxxx
www.powertech.com 
 

 
This email message and any attachments are intended only for the use of
the intended recipients and may contain information that is privileged
and confidential. If you are not the intended recipient, any
dissemination, distribution, or copying is strictly prohibited. If you
received this email message in error, please immediately notify the
sender by replying to this email message, or by telephone, and delete
the message from your email system.
--

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.