BA372 Stored Procedures and Triggers Lab. What needs to be done to change a customer’s credit limit? Who am I? May I? Do it Log it Display A database.

Slides:

Advertisements

Similar presentations

Stored procedures and views You can see definitions for stored procedures and views in the demo databases but you can’t change them. For views, expand.

Advertisements

TDPS Wireless v Enhancements E1 - Multi load E2 - Driver time scheduler.

College of Business A Quick Introduction to Stored Procedure and Trigger Syntax To Proc or not to Proc Multi-Platform Implications DB Utilities and Reliance.

Fundamentals, Design, and Implementation, 9/e Chapter 11 Managing Databases with SQL Server 2000.

MI807: Database Systems for Managers Introduction –Course Goals & Schedule –Logistics –Syllabus Review Relational DBMS Basics –RDBMS Role in Applications.

Project Execution & Termination Life Cycle Execution Presented by: Basker George.

Lecture The Client/Server Database Environment

Slide 1 of 9 Presenting 24x7 Scheduler The art of computer automation Press PageDown key or click to advance.

MSF Testing Introduction Functional Testing Performance Testing.

DB Audit Expert v1.1 for Oracle Copyright © SoftTree Technologies, Inc. This presentation is for DB Audit Expert for Oracle version 1.1 which.

The Client/Server Database Environment

Sql Server Advanced Features MIS 424 Professor Sandvig.

Overview What is SQL Server? Creating databases Administration Security Backup.

1 INTRO TO BUSINESS COMPONENTS FOR JAVA (BC4J) Matt Fierst Computer Resource Team OracleWorld Session

DAY 14: ACCESS CHAPTER 1 Tazin Afrin October 03,

Sofia, Bulgaria | 9-10 October SQL Server 2005 High Availability for developers Vladimir Tchalkov Crossroad Ltd. Vladimir Tchalkov Crossroad Ltd.

OracleAS Reports Services. Problem Statement To simplify the process of managing, creating and execution of Oracle Reports.

IT Service Delivery And Support Week Eleven – Auditing Application Control IT Auditing and Cyber Security Spring 2014 Instructor: Liang Yao (MBA MS CIA.

Stored Procedures, Transactions, and Error-Handling

Module 9 Authenticating and Authorizing Users. Module Overview Authenticating Connections to SQL Server Authorizing Logins to Access Databases Authorization.

Oracle Application Express Security. © 2009 Oracle Corporation Authentication Out-of-the-Box Pre-Configured Schemes LDAP Directory credentials Oracle.

Introduction to the Visual Studio.NET IDE (LAB 1 )

SQL Server User Group Meeting Reporting Services Tips & Tricks Presented by Jason Buck of Custom Business Solutions.

Discovering Computers Fundamentals Fifth Edition Chapter 9 Database Management.

By: Matt Batalon, MCITP  Another form of temporary storage that can be queried or joined against, much like a table variable, temp.

Copyright © 2013 Curt Hill Database Security An Overview with some SQL.

Triggers and Stored Procedures in DB 1. Objectives Learn what triggers and stored procedures are Learn the benefits of using them Learn how DB2 implements.

Effective Security in ASP.Net Applications Jatin Sharma: Summer 2005.

Module 5: Upgrading to SQL Server 7.0. Overview Planning an Upgrade Preparing to Upgrade Verifying the Upgrade Setting a Compatibility Level.

CERN - IT Department CH-1211 Genève 23 Switzerland t DB Development Tools Benthic SQL Developer Application Express WLCG Service Reliability.

Navigation Framework using CF Architecture for a Client-Server Application using the open standards of the web Kedar Desai presented by.

Chapter 1 Introduction to Databases. 1-2 Chapter Outline   Common uses of database systems   Meaning of basic terms   Database Applications  

Chapter No 4 Query optimization and Data Integrity & Security.

School of Computing and Management Sciences © Sheffield Hallam University Issues of Data Access 101(-ish) ways to access data from a database! ODBC One.

37 Copyright © 2007, Oracle. All rights reserved. Module 37: Executing Workflow Processes Siebel 8.0 Essentials.

Construction Planning and Prerequisite

What is a Package? A package is an Oracle object, which holds other objects within it. Objects commonly held within a package are procedures, functions,

Web Application for Mobile access to students exam Information.

2. SQL Security Objectives –Learn SQL Server 2000 components Contents –Understanding the Authentication Process –Understanding the Authorization Process.

3 Copyright © 2004, Oracle. All rights reserved. Working in the Forms Developer Environment.

Permissions Lesson 13. Skills Matrix Security Modes Maintaining data integrity involves creating users, controlling their access and limiting their ability.

Gold – Crystal Reports Introductory Course Cortex User Group Meeting New Orleans – 2011.

Database Security Cmpe 226 Fall 2015 By Akanksha Jain Jerry Mengyuan Zheng.

Module 4: Creating a Web Application with Web Forms

1 Intro stored procedures Declaring parameters Using in a sproc Intro to transactions Concurrency control & recovery States of transactions Desirable.

ADO.NET FUNDAMENTALS BEGINNING ASP.NET 3.5 IN C#.

ASP-2-1 SERVER AND CLIENT SIDE SCRITPING Colorado Technical University IT420 Tim Peterson.

Class 4 Agenda Database Management Systems Database Management Systems Chapter 4: Moore’s Law Chapter 4: Moore’s Law Midterm Case Midterm Case.

Introduction to Performance Testing Performance testing is the process of determining the speed or effectiveness of a computer, network, software program.

Navigation Framework using CF Architecture for a Client-Server Application using the open standards of the Web presented by Kedar Desai Differential Technologies,

Lab 301 Populating Template Data from a Third Party Data Source Justin Pava, Software Release Manager Andrew Schoonmaker, Software QA Engineer.

SQL Triggers, Functions & Stored Procedures Programming Operations.

 What is DB Testing ?  Testing at the Data Access Layer  Need for Testing DB Objects  Common Problems that affect the Application  Should Testers.

1 © 2005 Cisco Systems, Inc. All rights reserved. Cisco Confidential Session Number Presentation_ID Unity Connection Provisioning API Matt Penning Unity.

7.5 Using Stored-Procedure and Triggers NAME MATRIC NUM GROUP Muhammad Azwan Bin Khairul Anwar CS2305A Muhammad Faiz Bin Badrol Shah CS2305B.

Administrating a Database

Module 1: SQL Server Overview

SQL Server Security & Intrusion Prevention

Effective T-SQL Solutions

Working in the Forms Developer Environment

Chapter 2 Database System Concepts and Architecture

The Client/Server Database Environment

The Client/Server Database Environment

The Client/Server Database Environment

Security mechanisms and vulnerabilities in .NET

Introduction of Week 11 Return assignment 9-1 Collect assignment 10-1

Chapter 8 Advanced SQL.

Chapter 11 Managing Databases with SQL Server 2000

Administrating a Database

Graduation Project #1 University Internet Student Registration System

Presentation transcript:

BA372 Stored Procedures and Triggers Lab

What needs to be done to change a customer’s credit limit? Who am I? May I? Do it Log it Display A database lists users in roles This role is called ChgClientCreditLimit if ( (Select count(*) where Person, Role) > 0) OK Get the user name from the system Windows handles this when it connects to the DB Worked? Remember what was done by whom Forbidden? Remember who tried Update Clients Set CreditLimit=?, this customer Tell the user what happened

Scenario 1 – Client Heavy C#.Net Connect, Authenticate, Check for success Specify authorization parameters Specify tables, columns, and SQL Execute and check success Specify update parameters Specify tables, columns, and SQL Execute and check success Specify logging parameters Specify tables, columns, and SQL Execute and check success Specify Results parameters Specify tables, columns, and SQL Execute and check success Display results DB Server ‘Blindly’ perform SQL instructions 3 pages of C# code with embedded table/column names, authorization rules, and business logic

Scenario 2 – Stored Proc C#.Net Connect, Authenticate, Check for success Specify authorization parameters Specify tables, columns, and SQL Execute and check success Specify update parameters Specify tables, columns, and SQL Execute and check success Specify logging parameters Specify tables, columns, and SQL Execute and check success Specify Results parameters Specify tables, columns, and SQL Execute and check success Display results DB Server Half the C# code but involved DB procedure code: authorization logic, logging functions, and table/column details are not included in the C# program Stored Procedure ChgClientCreditLimit Exec Stored Proc 

Scenario 3 – Proc + Trigger C#.Net Connect, Authenticate, Check for success Specify authorization parameters Specify tables, columns, and SQL Execute and check success Specify update parameters Specify tables, columns, and SQL Execute and check success Specify logging parameters Specify tables, columns, and SQL Execute and check success Specify Results parameters Specify tables, columns, and SQL Display results DB Server Logging is moved into a trigger. Changes are logged no matter how the updates are made: code, proc, or utility In our lab, authorization is also moved to its own proc, AuthCheck,which logs denied attempts Stored Procedure ChgClientCreditLimit Database Trigger Logs the Activity Exec Stored Proc  Trigger Fires Automatically 

Things to Ponder Which solution has the most cohesive modules? How is data independence affected? Heterogeneity: Web? Automated? Mobile? – What will an interface programmer need to know? Reliability, performance, and control – DB locks, speed, memory, impact of an error, restoring data, cross-platform consistency – Compare the security of a single logging proc and auth proc vs. SQL in multiple code modules Moving functionality from client, to web server, to DB code profoundly affects a variety of important issues. Which is best? IT DEPENDS