Re: validation
I think it's open to argument.
Jonathan Lewis posted a while back that the optimum strategy from a data security point of view was to be 'a real bastard to your users', i.e. validate at the data and just pass the error stack back.
My view would be that you should validate separately (but consistently!) at both layers: the app layer to ensure an effective user experience, the data layer to protect the data.
--
Niall Litchfield
Oracle DBA
Audit Commission UK
*****************************************
Please include version and platform
and SQL where applicable
It makes life easier and increases the
likelihood of a good answer
******************************************

"Knut Talman" <knut.talman_at_mytoys.de> wrote in message news:3CE3731A.84062D1B_at_mytoys.de...
> Niall Litchfield wrote:
> > To be fair to developers there is
> > a DBA myth which says that you should only validate data in the database you
> > don't need to do it in the application.
>
> And there are applications which validate nothing in the database, use no
> referential integrity etc. and do everything in the application layer (e.g.
> Oracle Applications).
> Other applications I've seen do everything in the database, they have loads of
> triggers, make massive use of DBMS_JOB and totally rely on database mechanisms.
> What do you suggest to developers when they ask you how to design their
> application?
>
> Regards,
>
> Knut

Received on Thu May 16 2002 - 05:01:29 CDT
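
The two-layer approach discussed in this thread, as an added example that is not part of the original posts: the application checks input to give readable messages, and the database enforces its own constraints for any path that skips or outruns those checks. SQLite (via Python's `sqlite3`) stands in for Oracle here, and the table, column and function names are hypothetical.

```python
import sqlite3

# Constructed schema: the data layer carries its own rules (CHECK + foreign key).
SCHEMA = """
CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT NOT NULL);
CREATE TABLE orders (
    id          INTEGER PRIMARY KEY,
    customer_id INTEGER NOT NULL REFERENCES customers(id),
    quantity    INTEGER NOT NULL CHECK (quantity BETWEEN 1 AND 100)
);
INSERT INTO customers (id, name) VALUES (1, 'Constructed Customer');
"""

def open_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")  # SQLite leaves FK enforcement off by default
    conn.executescript(SCHEMA)
    return conn

def validate_order(customer_id, quantity):
    """App layer: mirrors the constraints it can check, with user-facing messages."""
    errors = []
    if not isinstance(customer_id, int) or customer_id < 1:
        errors.append("Please choose a customer.")
    if not isinstance(quantity, int) or not 1 <= quantity <= 100:
        errors.append("Quantity must be a whole number between 1 and 100.")
    return errors

def raw_insert(conn, customer_id, quantity):
    """Any path that reaches the table without the app checks (script, other client, bug)."""
    try:
        with conn:  # commits on success, rolls back on error
            conn.execute(
                "INSERT INTO orders (customer_id, quantity) VALUES (?, ?)",
                (customer_id, quantity))
        return ("stored", [])
    except sqlite3.IntegrityError as exc:
        # Data layer refused the row; the error text is the database's own.
        return ("rejected_by_db", [str(exc)])

def place_order(conn, customer_id, quantity):
    """Normal path: app validation first, then the insert the database re-checks."""
    errors = validate_order(customer_id, quantity)
    if errors:
        return ("rejected_by_app", errors)
    return raw_insert(conn, customer_id, quantity)
```

An order for a customer id that does not exist passes the app-layer check shown here and is still refused by the foreign key, which is the case the data layer is there for.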