Comments embedded.
On Nov 20, 12:55 pm, Brian Tkatch <N/A> wrote:
Define 'controlled environment'. Now, implement that and still give
users access. Then try to restrict what they use to access the
database. It's surprisingly easy to defeat such tactics as logon
triggers can easily be fooled by simply renaming the undesirable
application. sqlplus.exe can be renamed to anything one would want to
call it and, thus, can be used to directly access the data
circumventing exclusive use of your UI. And, as a result your data is
vulnerable to attack. So much for your 'controlled environment'.

And that's just peachy until you have simultaneous inserts into a
table and attempt to enforce a pseudo primary key or pseudo foreign
key constraint through the UI. And end up with duplicate key values
or dependent inserts failing because the newly inserted parent record
hasn't yet been committed.

And programmers run the show where you are? I can now understand why
data validation is so low in priority on your list.

Ensuring data integrity is more of a pain than having a continuingly
running application? This sounds more like a paint and body shop than
an IT shop.

Interesting that in the quest for 'efficiency' you place data in
misnamed columns simply to circumvent proper change control and a
logical table design/implementation. And, possibly, the DBA group is
tired of you and your antics. Is there no development or test
environment configured to facilitate such changes?

Define that and implement it in a foolproof (and user-proof) manner.
Then see how much work you actually can get done.

If the inmates are running the asylum you have more to worry about
than data integrity.


David Fitzjarrell

On Tue, 20 Nov 2007 13:12:54 -0800, DA Morgan <damorgan (AT) psoug (DOT) org>
wrote:

Other then the redundant "Data is data is data.", i disagree with
everything you just wrote.

As a component of a controlled environment, however, it can.

And here i thought i would get a 68 overall, but *at least* a 90 on effort.

And without a username this does what?

And what you are saying is that because bad practices exist in some
organizations they should pretend they do not exist. Some of us aim a
bit more realistically.

Umm, perhaps you need to leave you ivory tower and see the real world.
I'm not saying it should be like this, i'm saying it is like this.

I was giving a reason as to why a large organization has programmers
as the DB designers. I thought a bit of reasoning was called for.

And i would just as well keep you ignorant of it. Who knows what you
would do!

B.

On Tue, 20 Nov 2007 13:33:52 -0800 (PST), "fitzjarrell (AT) cox (DOT) net"
<fitzjarrell (AT) cox (DOT) net> wrote:

<SNIP>
One implementation i have seen (in many groups in the same
organization) is one username which the program uses to connect, but
is not given to the users.

I'd like to see you do that.

They do in most cases. The data modelers rarely understand what the
program is doing, and the DBAs usually don't care.

Actually, it was a large IT operation. When there are tens of
thousands of workers, groups separate, and people stop caring.

I never did that. Indeed, i was called in for cleanup.

Nope.

Even test is a restricted environment. Someting i complained about on
many an occasion.


Be veeeery afraid. They run more than you are willing to admit.


B.

On Nov 20, 3:59 pm, Brian Tkatch <N/A> wrote:

Yet, through sqlplus and a local server connection one doesn't need
the 'application only' account to access and possibly disrupt
application data. Sort of circumvents your 'control', doesn't it?

Search google or this newsgroup for examples. They are widely
available.

Which explains much in why your 'world' is so ... off-kilter.

Prove that unequivocably. Where I work people care. And it isn't a
local 7-Eleven, either.

Were you really? Given the mess you've presented I'd have never
guessed.

'Restricted'? Meaning the DBAs actually care about what goes into and
comes out of that database? Wow, what concepts -- data integrity and
proper change control.

I notice you failed to answer that challenge.

And yet again you 'speak' without thought. Is cognitive action so
foreign to you?


David Fitzjarrell

fitzjarrell (AT) cox (DOT) net wrote:

Controlled environments exist in Fantasy Land and laboratories. Not
on real-world production servers.

Makes me wonder what hotdog stand uses Oracle software.

Body shop ... hot dog stand ... he's definitely making an impression.

Then add Pete Finnigan, 10 minutes, and stir.

We are talking to one of the inmates. I can't think of a single one
of Oracle's customers I know that would tolerate this nonsense for
even ten minutes.
--
Daniel A. Morgan
Oracle Ace Director & Instructor
University of Washington
damorgan@x.washington.edu (replace x with u to respond)
Puget Sound Oracle Users Group
www.psoug.org

Brian Tkatch wrote:

And your background in IT upon which you base this disagreement is?

There is no such thing as a controlled environment: Wake up!

One does not need a username to break in. Do you think locks on car
doors prevent auto theft too?

You are the poster child for bad practices at the moment. What I am
saying is that your employer needs to be protected from you. You are
telling us that because the money is stored in a vault we don't need
to worry about a bank robbery. You are promoting a fantasy.

Nonsense. Absolute nonsense. If that is what it is like where you work
I would guess that is probably true given that they hired you and no
doubt have hired others like you.

But if you think that is what it is like at Amazon.com, AT&T, Boeing,
T-Mobile, Washington Mutual Bank, Matsushita, etc. etc. etc. you are
in need of a 12 step program.

ALTER USER tkatch ACCOUNT LOCK;

would be a good first step.
--
Daniel A. Morgan
Oracle Ace Director & Instructor
University of Washington
damorgan@x.washington.edu (replace x with u to respond)
Puget Sound Oracle Users Group
www.psoug.org

Brian Tkatch wrote:

One does not need a username to connect to Oracle.

You might want to sit back and ask yourself what is going on when two
very senior Oracle professionals are both saying the same thing to you
and not one person is saying you are correct. The message should be
extraordinarily clear.

You are wrong and, apparently, too ignorant about Oracle to know what
you don't know.

Consider using this opportunity to learn something rather than just
digging a deeper and deeper hole.

David ... I think we've made our point to any lurkers. Brian has
distinguished himself from most serious professional by his logon to
this group (Brian Tkatch <N/A>). Obviously this just a troll and his
only point in posting is to create havoc. Kill File! He's all yours
if you wish to respond. I'm through feeding the troll.
--
Daniel A. Morgan
Oracle Ace Director & Instructor
University of Washington
damorgan@x.washington.edu (replace x with u to respond)
Puget Sound Oracle Users Group
www.psoug.org

On Tue, 20 Nov 2007 19:03:38 -0800, DA Morgan <damorgan (AT) psoug (DOT) org>
wrote:

Perhaps you have not read what i have posted. I do not do the things i
am talking about. Indeed, i have been asked to fix these issues.
However, many people are like this.

And perhaps you need a dose of reality.

B.

On Tue, 20 Nov 2007 14:14:24 -0800 (PST), "fitzjarrell (AT) cox (DOT) net"
<fitzjarrell (AT) cox (DOT) net> wrote:

<SNIP>

Does knowledge of Oracle come with a neccesary dose of pompousness?

B.

On Tue, 20 Nov 2007 19:14:14 -0800, DA Morgan <damorgan (AT) psoug (DOT) org>
wrote:

And perhaps you need to re-read the point i was making.

I would. But you clothe your speech with so much negativity it's hard
to find the diamonds in all the mud.

B.