Kristian Nielsen wrote:
Kay Röpke <[email protected]> writes:
the problem really comes down to:> if any part of the app needs access to certain data, certain people> will have 
access to the data (because there must be some way to access> the username/password combination) otherwise it's 
useless.> "certain people" depends on the size of the organization, i guess. in> my experience it means 
either a) devs or b) DBAs. or both for small> companies. outside of those two groups, people don't generally have> 
access to the systems (accounting, marketing or other "business"> folks).
Agree.
To me, this and similar issues like roles, foreign keys, stored procedures,etc. 
etc. comes down to one thing: Do I want to develop my system in theframework of 
some RDBMS or in a real programming language like Perl, Java, orwhatever the 
current fashion happens to be.
To me the choice is clear. I have never seen anything from a database/RDBMSthat 
I consider even remotely on the level I would expect of a goodprogramming 
language. I _have_ seen disasters like tens of thousands of linesof Oracle 
stored procedures implementing business logic etc. It always ends upwith one 
half of the app being implemented in the database, and the other inthe 
application language, which generally is terrible.
So this is what I like, and what I think MySQL (and Drizzle) is targeting,which 
is probably why I like MySQL.
So by all means let us have features like foreign keys, stored procedures, 
rowfilters etc. They are occasionally useful. Just do not expect me to use then 
asa general replacement for a real application development framework.
But to each his own.
Isn't it better for application developers to concentrate on application semantics and ease of use than understanding and enforcing security policy as well, particularly given the potential ramifications of a security breach?

Let me give you a real world example. A large law firm built an application to manage all aspects of running a law firm -- tracking correspondence, case management, billing, docketing, etc. Huge system. In addition to managing all aspects of internal workings, it allowed clients to track aspects of their cases, and was also the external Web site for the firm. The system was implemented by two very smart guys and a bunch of summer interns.

A major problem, however, is that a lawyer the compromises confidential client information is subject to disbarment. Not all that many of the hundred attorneys were happy about the idea that their license to practice law depended on the skill and conscientiousness of some summer interns.

This was the problem to lead to filtersets that enabled declarative access policy to be consistently and rigorously enforced so that an attorney could see all aspects of his or her cases, a client could see a chosen subset of data for his (and only his) cases, and the public couldn't see much of anything real at all.

Filtersets work with declarative per-table access policy, where the policy is expressed as a boolean to be applied to all retrievals on that table. Many of the booleans necessarily referenced other table (as in, he can see this iff he can see that), so the booleans have to be applied recursively. In one instance, a simple with table retrieval expanded to 17 page pretty print selection criterion.

I submit that a) this is beyond the skill and conscientiousness of a summer intern, b) beyond the skills and conscientiousness of the two very smart guys, c) subject to frequent changes that would otherwise have required modification of thousands of lines of code, and c) had ramifications of ending careers if breached.

This is something that databases can easily enforce that skilled programmers can't.

_______________________________________________
Mailing list: https://launchpad.net/~drizzle-discuss
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~drizzle-discuss
More help   : https://help.launchpad.net/ListHelp

Reply via email to