Get Help:Ask a Question in our Forums|Report a Bug|More Help Resources
Last post Feb 04, 2013 09:06 PM by arkan.turk
Feb 04, 2013 04:18 AM|LINK
i have my daily Timesheet application exe and web both,but some people execute sql directly on database server to insert record,is there any way to find which record in table is inserted or update using application and which using direct sql.
Feb 04, 2013 05:47 AM|LINK
So you applicaitons where u have control, if possible, add a new column let say: isapplication
set it to allow nulls, and set its type as Boolean
then using both applications, change the code (exe must be re produced)
so that using both applications you place a value True (integer: 1)
thus every record having True value in isapplication column indicates that the entry is made by either of the
applicaitons, and False means it is inserted by other means
A database should be protected from direct SQL's it is not a good approach to allow users to
directly query the database, so protecting the database is better recommended from me instead of changing
Feb 04, 2013 09:22 AM|LINK
this new column easilly find by using sql profiler. when end use run exe, by using sql profiler user can easilly found that column so this way is not usefull for mi.
Feb 04, 2013 01:31 PM|LINK
You can add a varchar column to your table to hold who added the row, called "AddedBy" or something similar.
Then you put a INSTEAD OF INSERT, UPDATE trigger on the table, and no matter what the user tries to insert in "AddedBy", you replace it with USER_NAME().
Then you will be able to see when a record was added by your ASP.NET application login, or somebody's personal login.
Feb 04, 2013 09:06 PM|LINK
i think you wach it with trigger for insert