LISTSERV - HP3000-L Archives

HP3000-L Archives

March 1995, Week 3

HP3000-L@RAVEN.UTC.EDU

	LISTSERV Archives
	HP3000-L Home
	HP3000-L March 1995, Week 3

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	MS-Access and IMAGE/SQL
From:	"Rudderow, Evan" <[log in to unmask]>
Reply To:	Rudderow, Evan
Date:	Wed, 15 Mar 1995 09:01:00 EST
Content-Type:	text/plain
Parts/Attachments:	text/plain (57 lines)

Denys wrote:

<snip>

>Today, I downloaded a table in an MS-Access database to a (ultimately)
IMAGE
>dataset.

<snip>

Of course, the first question that comes to mind is, "Why would you want to
do that?"

But then, there's an even better question, "Why would you want to do this?":

We use HP's Information Access as our decision support tool (don't ask why
 -- or is that, "Why ask why, Bud dry"?).  Some months ago I was messing
around with it and I discovered that it had this feature (on the FILE menu,
I think) called CONVERT OUT.  Of course any reasonable person would
recognize that this is for converting your result table out to a local PC
database format.  Not being reasonable I tried converting out to the
Allbase/SQL table that I had retrieved the records from.

It worked.  Friends, it worked *GREAT*!.

Well, that's just dandy isn't it -- a REPORTING tool that allows you to
WRITE to the database!  Of course, you must have authority to write to the
database (I was logged in as the DB Creator)...

Since Image/SQL is a read/write interface this applies equally well to
TurboIMAGE databases.

So, the answer to the burning question, "Can the PC equivalent of BRW be
used as an effective data entry program?" is an unqualified: YOU BET!

I spoke with the Response Center about this. Their initial reaction was that
this wasn't possible.  On reflection they came to the same conclusion that I
had -- if the tool allows saving the data to a database, then you don't
really have any control at the *tool* level about what database it can or
cannot write to.  It's up to the DBA to establish security that disallows
the kind of misbehavior that I engaged in.

There *IS* a lesson in this:  Even if a given user logs on as, say, an
account manager, to run HP3000 applications, *don't ever* give them a logon
with their decision support tools that grants them anything more than SELECT
authority.  I mean, do you really want to be in the position of explaining
to your auditors that your end users corrupted the logical integrity of your
corporate data bases with end user reporting tools or with, say, Lotus?

This is just a friendly note pointing out that the world isn't as safe as
you think...

 -- Evan

p.s. - Does anybody know about a product called DBCondom that's supposed to
protect your database against unsafe end user reporting?

ATOM RSS1 RSS2

RAVEN.UTC.EDU