Regarding securing access, I'd argue that the problem is the lack of service interfaces, but rather the inability to pass true identity through to the database, relying on system accounts associated with connection pools instead.
-tb Todd Biske http://www.biske.com/blog/ Sent from my iPhone On Jul 7, 2008, at 9:33 AM, "Kirstan Vandersluis" <[EMAIL PROTECTED]> wrote: > --- In [email protected], Michael Poulin > <[EMAIL PROTECTED]> wrote: >> >> The DAL became a point of indirection where all needed interceptions > of data could happen. It was not related to any particular > application. Moreover, it was a mandatory environment element for > access all strategic DB. > > Michael, you bring up another set of benefits of a data abstraction > layer: regulating and monitoring access to the data. I certainly > hear consistently that this is a big issue with companies I work > with. Most continue to use ad-hoc methods to restrict access, such as > allowing access to the database only through stored procs (no ad-hac > queries). > > In an SO environment, it seems these requirements could be satisfied > at a higher level by run-time governace tools like those from > AmberPoint and Forum/XWall. Still, I see those responsible for the > data may continue to want control, or at least monitoring of the data > layer. > > -Kirstan > > > > ------------------------------------ > > Yahoo! Groups Links > > >
