psycho nazi dba's need to first get over themselves...
a view to the tables can obscure enough if that's the reason...
and Im not sure that I can even come close to agreeing that cf code
will look better if you use stored procs...
that's like saying cfscript is better to use because you feel that *looks*
better...i wasn't aware that we were entering our code into beauty
pageants...
anyway, there is still no hard evidence of storedprocs over cfquery for ANY
reason
yet...
wow...i guess the older I get the more I agree with matt
-----Original Message-----
From: Stephen Barry [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 24, 2004 5:23 AM
To: CF-Talk
Subject: RE: why are procedures better? (was: RE: Securing CF Apps.)
While not wanting to get into the whole Stored Procedures V <CFQUERY>
argument, I have to say there are times when stored procedures are a more
suitable solution.
For example in a large company looking to add limited intranet access to an
important DB - its quite likely they already have their DB experts who are
reluctant to allow any access, particularly from something like Coldfusion
which they don't understand or aren't comfortable checking. Stored
procedures allow a very neat separation of presentation and DB logic which
better mirrors internal company structure.
This means that both aspects benefit from specialist attention (and your
Coldfusion code looks neater). Both layers can be tuned and secured
independently.
Personally I don't use stored procedures when there isn't a good case for
them - while I'm a big fan of separating business logic from presentation,
for pure development speed you can't beat <CFQUERY>.
- Steve Barry
> -----Original Message-----
> From: Matt Liotta [mailto:[EMAIL PROTECTED]
> Sent: 24 March 2004 01:48
> To: CF-Talk
> Subject: Re: why are procedures better? (was: RE: Securing CF Apps.)
>
>
> > 1. They execute faster. The db (I only know from Oracle and SQL
> > Server, if others are different it doesn't really concern me) can
> > optimize the execution plan.
> >
> Prepared statements execute at the same speed as stored procedures.
>
> > 2. You can often times do more. There are things I can do
> in a pl/sql
> > package/procedure that I cannot do in a query call
> >
> For example?
>
> > 3. You can limit access with them. Now granted you can
> set it up so
> > you are
> > only selecting from a view in your query block as well,
> but it makes
> > more
> > sense to me to do it in a procedure.
> >
> Why does it make more sense?
>
> > 4. An additional layer of security. You can ensure that
> you user not
> > only
> > cannot execute the procedure, but they can't even tell it exists.
> >
> If the user is executing the procedure how could they not know it
> exists?
>
> > I am sure there are more reasons, but I think those are
> sufficient to
> > use
> > procedures.
> >
> If that's all, I guess I'll continue to use cfquery.
>
> -Matt
>
************************************************************************
Meteor web site http://www.meteor.ie
************************************************************************
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
