×

Good News Everybody!

The new search engine is LIVE!

Please report any problems to david (at) midrange.com.



  1.  Home
  2. RPG400-L
  3. June 2008

Re: Trigger programme without a trigger.

Joe Pluta wrote:
If I can't count on my security, then I don't have any. Nobody will "casually" get sufficient authority in my scenario. You musty either have *ALLOBJ (bad) or you must swap to the HSA profile (bad) or you must put the HSA as a group profile (bad). None of these is a casual thing, and in general can be prevented for all but the most powerful users.

Joe, you are assuming that all data manipulation will be done within the native iSeries environment.

This is not the case.

You've stated that ODBC is bad ... this is absolutely not true. ODBC (and, by reference, JDBC) are not bad at all ... INAPPROPRIATE use of ODBC is bad. Use of ODBC by people who don't know what they are doing is bad (I'll even say that direct ODBC use by ANY people is bad).

ODBC / JDBC is how external applications update data on the iSeries (with appropriate authorization).

Yes, the external applications can use a stored procedure to update the data ... that's one approach ... not the only approach.

I suppose the best of both worlds would be to lock down the data entirely *and* put validation triggers on it, so that when you do have to fat finger it, those triggers are in place.... hmm.

YES ... this is EXACTLY what I'm suggesting. As (I think) I said before ... Security is important (indeed, critical) ... but security doesn't enforce business rules. Business rules should be enforced regardless of what security is in place. And business rules should only be able to be bypassed in extraordinary situations by people who absolutely know what they are doing.

Maybe I have to rethink my position a little bit...

Oh man, I'm not sure I'm ready for the world to end <grin action="ducking" motion="running" visibility="hiding"/>

david


As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2026 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.