08-18-10, 10:59
Pat Phelan
Resident Curmudgeon
Pootle Flump is correct, but there seems to be a bit of a communication problem.

Making your application aware of security criteria does two bad things. First, it means that the application has to actively participate in any changes to security so that if you miss a check ANYWHERE in the application then your security system is compromised. More importantly, your application will become much more complex which will make it difficult to maintain and will also mean that you'll have to manage your code very differently.

By putting all of the security/access logic into the database, you have a single point of reference which is easier to manage and maintain than the application. You can build a single view that will show what cities a given user can access, use that view in an INNER JOIN to limit the cities returned by any other SELECT statements you need to build, and be done. A tiny fraction of the amount of work, cleaner application code, and a faster running application... You'll like it much better than trying to "roll your own" repeatedly!

-PatP
__________________
In theory, theory and practice are identical. In practice, theory and practice are unrelated.
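The view-plus-INNER JOIN pattern described in the post, as an added example that is not part of the original thread. It uses SQLite from Python with a constructed schema and constructed sample rows; because SQLite has no CURRENT_USER or SUSER_SNAME(), a one-row session_user table stands in for the logged-in database user that the view would normally read.

```python
import sqlite3

# Constructed sample schema and data for this example; not from the original post.
SCHEMA = """
CREATE TABLE city (city_id INTEGER PRIMARY KEY, name TEXT NOT NULL, population INTEGER);
CREATE TABLE user_city_access (user_name TEXT NOT NULL, city_id INTEGER NOT NULL,
    PRIMARY KEY (user_name, city_id), FOREIGN KEY (city_id) REFERENCES city(city_id));
-- Stand-in for CURRENT_USER / SUSER_SNAME(), which SQLite lacks (assumption).
CREATE TABLE session_user (user_name TEXT NOT NULL);
-- The single point of reference: the cities the current user may see.
CREATE VIEW my_cities AS
    SELECT a.city_id
    FROM user_city_access AS a
    INNER JOIN session_user AS s ON s.user_name = a.user_name;

INSERT INTO city VALUES (1, 'Boston', 675000), (2, 'Denver', 715000), (3, 'Austin', 960000);
INSERT INTO user_city_access VALUES ('alice', 1), ('alice', 2), ('bob', 3);
"""

def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def set_user(conn, user_name):
    """Simulate a database login; a real server's view would read CURRENT_USER."""
    conn.execute("DELETE FROM session_user")
    conn.execute("INSERT INTO session_user VALUES (?)", (user_name,))

def visible_cities(conn, min_population=0):
    """A business query: it only INNER JOINs my_cities, no per-query access code."""
    rows = conn.execute(
        """
        SELECT c.name
        FROM city AS c
        INNER JOIN my_cities AS m ON m.city_id = c.city_id
        WHERE c.population >= ?
        ORDER BY c.name
        """,
        (min_population,),
    ).fetchall()
    return [r[0] for r in rows]

if __name__ == "__main__":
    db = open_db()
    for user in ("alice", "bob", "carol"):
        set_user(db, user)
        print(user, visible_cities(db))
```

A user with no rows in user_city_access (carol) gets an empty result from every query that joins the view, without any check in the application code.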