This is an important point that seems to have been missed in this thread. From the perspective of creating secure applications you can do much more to limit access to your data through stored procedures and actually using the access control systems that are built into the RDBMS of your choice.
In Oracle and now in DB/2 we have actually been using DB side user accounts to enforce table and even row level grants against data. This is enforced through the DB itself, and the application only has to know it either got the data back, or it got an error back, and how to respond to each.

Someone else mentioned coding so that the application doesn't need to know what it is receiving its information from. I don't think this is as pertinent to this conversation. Encapsulating your SP calls in CFCs gives you the ability to quickly change to a different means of data storage (LDAP, XML, whatever).

> -----Original Message-----
> From: Dave Watts [mailto:[EMAIL PROTECTED]
> Sent: Sunday, August 27, 2006 9:38 PM
> To: CF-Talk
> Subject: RE: Stored procs (was Top 100 ColdFusion Programmers)
>
> > While on that subject, a lot of people insist that everything
> > should be done with SP's wherever possible.
> > While this is indeed a good idea for long/complex queries
> > that will see vastly improved performance and speed, but I
> > think it is wrong to do it just for the sake of it, and to
> > put basic select or other small queries etc into SP's.
>
> I wouldn't go so far as to insist, but I do strongly recommend it. Not for
> speed, primarily - using prepared statements may be as fast in many cases -
> but not just "for the sake of it" either. Using stored procedures allows you
> to logically segment data access code from your application in a useful way,
> and allows the application to be secured a bit more - you can in many cases
> essentially remove the ability to run arbitrary SQL from your application.
>
> Dave Watts, CTO, Fig Leaf Software
> http://www.figleaf.com/
>
> Fig Leaf Software provides the highest caliber vendor-authorized
> instruction at our training centers in Washington DC, Atlanta,
> Chicago, Baltimore, Northern Virginia, or on-site at your location.
> Visit http://training.figleaf.com/ for more information!
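
Added example, not part of the original thread or any poster's code: an Oracle sketch of the arrangement both messages describe, where the application's database account can execute a stored procedure but holds no privilege on the underlying table. The schema `app_owner`, the account `web_app`, the table `orders`, the procedure `get_customer_orders` and the password are all hypothetical names chosen for illustration.

```sql
-- Constructed example: every object and account name here is hypothetical.

-- ---- As a DBA: the account the application server connects with ----
CREATE USER web_app IDENTIFIED BY "REPLACE_WITH_REAL_SECRET";
GRANT CREATE SESSION TO web_app;          -- may log in, nothing more

-- ---- As app_owner (assumed to exist): the data and its access path ----
CREATE TABLE orders (
    order_id    NUMBER        PRIMARY KEY,
    customer_id NUMBER        NOT NULL,
    total       NUMBER(10,2)  NOT NULL
);

-- Definer's-rights procedure (Oracle's default, spelled out here):
-- it runs with app_owner's privileges, so the caller needs no grant
-- on ORDERS itself. The parameter is a bind value; no dynamic SQL.
CREATE OR REPLACE PROCEDURE get_customer_orders (
    p_customer_id IN  orders.customer_id%TYPE,
    p_result      OUT SYS_REFCURSOR
) AUTHID DEFINER AS
BEGIN
    OPEN p_result FOR
        SELECT order_id, total
          FROM orders
         WHERE customer_id = p_customer_id;
END get_customer_orders;
/

-- The only object privilege web_app receives.
GRANT EXECUTE ON get_customer_orders TO web_app;

-- ---- As web_app: what the application can and cannot do ----
-- Allowed: the one access path that was granted.
--   VARIABLE rc REFCURSOR
--   EXEC app_owner.get_customer_orders(42, :rc)
--
-- Rejected by the database: web_app has no SELECT, INSERT, UPDATE or
-- DELETE privilege on the table, so ad hoc SQL against it returns an
-- error the application must handle.
--   SELECT * FROM app_owner.orders;
--   DELETE FROM app_owner.orders;
```

With this layout, SQL injected through the application still runs as `web_app`, so it is limited to the procedures that account has been granted.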

