Subject: RE: BID 994,MS00-010 (Site Server Commerce Edition non-validated SQL inputs)

>Actually, it can be argued that using stored procedures is in general bad
>design, as it buries your business rules down in the database layer. At the
>same time, reliance on stored procedures usually locks you into a single
>database vendor, thereby making the system unportable.

Stored procedures are fast & efficient, so you have to choose!

>A better design is middleware written in a proper, portable language that can
>enforce your business rules and validate all input thoroughly, and narrows the
>access to the database to a well-defined, well-protected interface. Programmers
>can then make major mistakes in the interface code without risking database
>compromise. In addition, using middleware gives you the opportunity of using a
>language such as Perl that is well adapted to input validation and string
>manipulation, and all the advantages of *real* code reuse.

But isn't ASP used as a middleware in that case?!

Using Perl as a well adapted middleware, and "a proper, portable language"
is quite a funny thing!! You must be joking ??

Have you ever tried to maintain Perl code made by other people than you?
Tried to use its object-oriented features ;-)) ? Real code reuse in Perl!!!
Do you mean copy & paste operations???

With ASP you use a "glue" called JavaScript & VBScript, and for the really
complicated business logic you use truly advanced & proper programming
languages like C++ or even Java...

Stored procedures can be used for operations which have to be
very fast, or when you want to be sure of the "low-level" integrity
of your database ...

_____________________
Bertrand Schmitt
Chief Technical Office

mailto:bertrand.schmittat_private
http://www.arkadia.com

Tel : +33(0)1 41214416
Fax : +33(0)1 41214415

42, rue Louis Calmel
92230 Gennevilliers - France
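
The design described in the quoted text above (middleware that validates all input and narrows database access to one well-defined interface), shown next to a query built by string concatenation. This is an added example, not part of the original message; Python with SQLite stands in for the middleware and the database, and the table, SKU format, and all function and class names are hypothetical.

```python
import re
import sqlite3

def make_db():
    """Constructed sample data; table and column names are hypothetical."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (sku TEXT PRIMARY KEY, name TEXT, price_cents INTEGER)")
    db.executemany("INSERT INTO products VALUES (?, ?, ?)",
                   [("AB-1001", "Widget", 1999), ("AB-1002", "Gadget", 4999)])
    return db

SKU_RE = re.compile(r"[A-Z]{2}-[0-9]{4}")  # allow-list: the only shape a SKU may have

class ValidationError(ValueError):
    pass

def lookup_concatenated(db, sku):
    """'Before': caller input is pasted into the SQL text, so it can change the query."""
    return db.execute("SELECT sku, name FROM products WHERE sku = '" + sku + "'").fetchall()

class CatalogGateway:
    """'After': the only path to the table. Validates first, then binds the value."""
    def __init__(self, db):
        self._db = db

    def lookup(self, sku):
        if not isinstance(sku, str) or not SKU_RE.fullmatch(sku):
            raise ValidationError("sku must match AA-0000")
        # Bound parameter: the value is never parsed as SQL, even if validation had a gap.
        return self._db.execute(
            "SELECT sku, name FROM products WHERE sku = ?", (sku,)).fetchall()

def demo():
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input that is not a valid SKU
    leaked = lookup_concatenated(db, crafted)   # predicate rewritten: every row matches
    gateway = CatalogGateway(db)
    try:
        gateway.lookup(crafted)
        rejected = False
    except ValidationError:
        rejected = True
    return len(leaked), rejected, gateway.lookup("AB-1001")

if __name__ == "__main__":
    print(demo())
```

The same two controls (allow-list validation and bound parameters) apply whether the narrow interface lives in middleware or in a stored procedure; a stored procedure that assembles dynamic SQL from its arguments behaves like `lookup_concatenated`.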
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:38:37 PDT