In research progress in development, you must keep in mind the protection for your data. Today i will show you dependency of protetcions.
It has a lot of name, because it has a lot of breaches.
First of all, what are the basics of this idea ?
Based on : Here I use SQL langage
What that : It’s a langage uses to manipulate database.
What for ? It’s to create and manipulate information.
How ? With scripts and that’s why it’s dangerous.
Ok, now we can begin :
First of all :
Why protect Database?
It’s simple! Why do you lock your door when you leave your home or your car? It’s not necessarily because you have a lot of money inside, but you don’t want anyone in your home without permissions. And think about it. For an enterprise now, with money and critical information …I think you get it.
Keep in mind this sentence: Never trust user.
Yes, we are all users... and a lot of users bring a lot of random actions. I choose a world with candies and free hugs. Keep in mind this world. In this world all kinds of thing are good. And in your goodness you buy for a special friend a special gift, a CD musics. You think at this time it's a really good idea. But when you give it to him, he opens it and throw it away.
Why he does it? Because he thinks it was a frisbee.
And this, it's from a good-world.
You have to drive users, to keep them in the road. And it's not necessarily difficult to do it. You just have to prepare commands, filter inputs and never never trust users!
To understand the structure of this idea:
Ok, now, in practice:
You have to prepare security. And that’s why triggers, functions and procedures exist.
In an example, we can use triggers to keep a history of what we do with the database.
Procedures are used to create global actions on data to have assurance of inserts, deletes or creations.
Functions are used to create specific actions on data. To understand the difference between procedure and function, you can use procedure on a lot of databases, but you can use a specific function only for a specific database.
To finish, my feelings :
We actually know: Never trust user! Ok, so, if bad information, errors to your database, it's really bad for you. But if you want to control this you must use interface between users' actions and database. That's not the purpose here, but if you want to protect your data you have to build a great interface to! Never and ever trust users.