tags:

views:

97

answers:

5
+1  Q: 

How should i work in this scenario . Should I use Trigger or Leave on User to manage

I am creating an application in which i am using stored procedure where i m implementing my logic.

Now what i need to know is that- i want my database not to contain any invalid entry, for this purpose should i create triggers, for implementing my data validation logic such that when FailPasswordAttemptCount is changed to some value then should i make changes in corresponding column IsLocked accordingly thru triggers or leave it on dba to manage.

eg

if FailPassowrdAttemptCount > 3
  IsCaptchaActivated=True
if FailPasswordAttemptCount>6
  IsLocked=true

now if a dba changes the value of FailPasswordAttemptCount to 4 without changing IsCaptchaActivated to true then this will make an invalid entry for my frontend. SO should i manage it thru triggers or should i left it over dba to make correct entry.

Although this type of entry is not possible thru frontend but in case any1 having privilages to access database, changes directly thru database. For this should i leave it on user or should i manage thru triggers. I want to make my database to remain consistent in all circumstances.

+2  A: 

I wouldn't use a trigger for something like this. Triggers are obscure and can be hard to debug for the developer. Use your tables and stored procedures to deal with the issue. Use triggers for when you don't have an alternative.

Benjamin Ortuzar  2009-12-14 15:21:04
A: 

For this type of situation, I would probably not use a trigger, just for the situation you describe. Though I would wonder why you have dba's manually altering data in a field that closely tied to the security of your app.

BBlake  2009-12-14 15:21:20
A: 

I would implement this in the application logic. When calling the login sproc you can return both whether it succeeded as well as the number of failed password attempts and if captcha is needed. Regardless of if the DBA changes the 3 to a 4, your code will see the 4, ignore the result of the validation and present the user with a captcha. If you're worried about DBA's modifying the code directly you can also check the APP_NAME() function/variable to see what program is trying to modify the data. Its something to be very careful with but so is DBAs modifying fields directly.

Chris Haas  2009-12-14 15:28:03
thx for suggestion.For making my login related module to be perfectly secure and valid i m trying to take all the worst case scenarios.I too is managing all these data thru sproc thru thru application logic using sproc.But what if someone changes table directly accidently
Shantanu Gupta  2009-12-14 15:38:05
+2  A: 

I'd make the following:

  • Put the data validation logic into a stored procedure
  • Made the stored procedure the only way the application interacts with the table
  • Put the code you want into the stored procedure.

Trigger-based programming paradigma grows too hard to code and maintain as the business logic complexity of your application increases.

However, if you are absolutely sure you will only have the simple logic like this, it is OK to put it into a trigger since this will require minimal changes in the ways the application interacts with the database.

Quassnoi  2009-12-14 15:29:12
Thx for your suggestion but here is little bit confusion.My application will not enter any illegal data entry.This scenario is taking into consideration that i m manually doing some changes accidently directly into the table
Shantanu Gupta  2009-12-14 15:34:17
Revoke the `DML` permission on the table and grant them on the stored procedure. This way you won't be able to do anything not coded into the stored procedure. See here for references: http://www.sommarskog.se/grantperm.html
Quassnoi  2009-12-14 15:38:01
+1  A: 

I would use a combination of both. I will try to restrict data as far as possible. And will fire trigger, so that no one can insert any invalid entry.

vaibhav  2009-12-14 15:29:33
nice answer, but it seems to be complex work to manage such situation. Check Quassnoi comments seems to be good answer
Shantanu Gupta  2009-12-14 15:42:50

related questions

Sql to query a dbs scheme
Transform Columns into Rows
SQL Client for Mac OS X that works with MS SQL Server
How do you get leading wildcard full-text searches to work in SQL Server?
SQL Server 2000: Is there a way to tell when a record was last modified?
What's the BEST way to remove the time portion of a datetime value (SQL Server)
I need to know how much disk space a table is using in SQL Server
What's the best way to determine if a temporary table exists in SQL Server?
Appropriate pagefile size for SQL Server
Have you ever encountered a query that SQL Server could not execute because it referenced too many tables?
ASP.NET MVC "CRUD" Database Sample
How do I unit test persistence?
Best Book for a new Database Developer
Can I logically reorder columns in a table?
Best way to copy a database in SQL Server 2005/8?
Is Windows Server 2008 "Server Core" appropriate for a SQL Server instance?
Why doesn't SQL Full Text Indexing return results for words containing #?
Client collation and SQL Server 2005
Editing database records by multiple users
Deploying SQL Server Databases from Test to Live
SQL Server 2005 implementation of MySQL REPLACE INTO?
Upgrading SQL Server 6.5
How do I version my MS SQL database in SVN?
How to export data from SQL Server 2005 to MySQL
Check for changes to a SQL table?