i have my daily Timesheet application exe and web both,but some people execute sql directly on database server to insert record,is there any way to find which record in table is inserted or update using application and which using direct sql.
So you applicaitons where u have control, if possible, add a new column let say: isapplication
set it to allow nulls, and set its type as Boolean
then using both applications, change the code (exe must be re produced)
so that using both applications you place a value True (integer: 1)
thus every record having True value in isapplication column indicates that the entry is made by either of the
applicaitons, and False means it is inserted by other means
A database should be protected from direct SQL's it is not a good approach to allow users to
directly query the database, so protecting the database is better recommended from me instead of changing
application code
this new column easilly find by using sql profiler. when end use run exe, by using sql profiler user can easilly found that column so this way is not usefull for mi.
You can add a varchar column to your table to hold who added the row, called "AddedBy" or something similar.
Then you put a INSTEAD OF INSERT, UPDATE trigger on the table, and no matter what the user tries to insert in "AddedBy", you replace it with USER_NAME().
Then you will be able to see when a record was added by your ASP.NET application login, or somebody's personal login.
-Tab Alleman
Marked as answer by sandipb on Feb 08, 2013 03:05 AM
sandipb
Member
3 Points
25 Posts
Want to identify which data insert/update using application or direct sql
Feb 04, 2013 04:18 AM|LINK
Hi All,
i have my daily Timesheet application exe and web both,but some people execute sql directly on database server to insert record,is there any way to find which record in table is inserted or update using application and which using direct sql.
usman400
Contributor
3513 Points
721 Posts
Re: Want to identify which data insert/update using application or direct sql
Feb 04, 2013 05:47 AM|LINK
So you applicaitons where u have control, if possible, add a new column let say: isapplication
set it to allow nulls, and set its type as Boolean
then using both applications, change the code (exe must be re produced)
so that using both applications you place a value True (integer: 1)
thus every record having True value in isapplication column indicates that the entry is made by either of the
applicaitons, and False means it is inserted by other means
A database should be protected from direct SQL's it is not a good approach to allow users to
directly query the database, so protecting the database is better recommended from me instead of changing
application code
sandipb
Member
3 Points
25 Posts
Re: Want to identify which data insert/update using application or direct sql
Feb 04, 2013 09:22 AM|LINK
hello usman,
this new column easilly find by using sql profiler. when end use run exe, by using sql profiler user can easilly found that column so this way is not usefull for mi.
TabAlleman
All-Star
15557 Points
2698 Posts
Re: Want to identify which data insert/update using application or direct sql
Feb 04, 2013 01:31 PM|LINK
You can add a varchar column to your table to hold who added the row, called "AddedBy" or something similar.
Then you put a INSTEAD OF INSERT, UPDATE trigger on the table, and no matter what the user tries to insert in "AddedBy", you replace it with USER_NAME().
Then you will be able to see when a record was added by your ASP.NET application login, or somebody's personal login.
arkan.turk
Contributor
2996 Points
712 Posts
Re: Want to identify which data insert/update using application or direct sql
Feb 04, 2013 09:06 PM|LINK
hi
i think you wach it with trigger for insert
MCSD & MCAD