Civil Articles
Database Refactoring – Database Connect
You learned in A Vision for the Agile Data Method that agile methodologies such as eXtreme Programming (XP) (Beck 2000) and DSDM (Stapleton 2003) take an iterative and incremental approach to software development. Application developers on XP and DSDM projects typically forsake big design up front (BDUF) approaches in favor of emergent approaches where the design of a system evolves throughout the life of the project. On an agile development project the final design often isn’t known until the application is ready to be released. This is a very different way to work for many experienced IT professionals to work.
The implication is that the traditional approach of creating a (nearly) complete set of logical and physical data models up front isn’t going to work. The main advantage of the traditional approach is that it makes the job of the process database administrator (DBA) much easier – the data schema is put into place early and that’s what people use. However there are several disadvantages. First, it requires the designers to get it right early, forcing you to identify most requirements even earlier in the project, and therefore forcing your project team into taking a serial approach to development. Second, it doesn’t support change easily. As your project progresses your project stakeholders understanding of what they need will evolve, motivating them to evolve their requirements. The business environment will also change during your project, once again motivating your stakeholders to evolve their requirements. In short the traditional way of working simply doesn’t work well in an agile environment. If Agile DBAs are going to work on and support project teams that are following agile methodologies they need to find techniques that support working iteratively and incrementally. My experience is that one critical technique is database refactoring.
Martin Fowler (1999) describes a programming technique called refactoring, a disciplined way to restructure code. The basic idea is that you make small changes to your code to improve your design, making it easier to understand and to modify. Refactoring enables you to evolve your code slowly over time, to take an iterative and incremental approach to programming. Martin’s refactoring site, www.refactoring.com, is a good online resource.
A critical aspect of a refactoring is that it retains the behavioral semantics of your code, at least from a black box point of view. For example there is a very simple refactoring called Rename Method, perhaps from getPersons() to getPeople(). Although this change looks easy on the surface you need to do more than just make this single change, you must also change every single invocation of this operation throughout all of your application code to invoke the new name. Once you’ve made these changes then you can say you’ve truly refactored your code because it still works again as before.
It is important to understand that you do not add functionality when you are refactoring. When you refactor you improve existing code, when you add functionality you are adding new code. Yes, you may need to refactor your existing code before you can add new functionality. Yes, you may discover later on that you need to refactor the new code that you just added. The point to be made is that refactoring and adding new functionality are two different but complementary tasks.
Get more out of Information Technology Portfolio Prioritization with these free IT White Papers.
Shortcut to useful tips about the topic of internet marketing – please go through the web site. The times have come when concise information is really only one click of your mouse, use this chance.
Tags: information technology
Posted in SQL Server · July 24th, 2010 · Comments (0)
Database Security – Database Monitoring
A database is a collection of records or data that is stored in a computer system. For a database to be functional, it must not only store large amounts of records well, but be accessed easily. Moreover new information and changes should also be fairly easy to input. In order to have a highly efficient database system, you need to incorporate a program that manages the queries and information stored on the system. This is referred to as DBMS or a Database Management System. Besides these features, all databases that are created should be built with high data integrity and the ability to recover data if hardware fails.
Here are just a few of the actions that you can perform on a database that would be difficult if not impossible to perform on a spreadsheet.
- Retrieve all records that match certain criteria
- Update record in bulk
- Cross-reference records in different tables
- Perform complex aggregate calculations.
Types of Databases
There are several common types of databases; each type of database has its own data model or structure. They are
Flat Model: This is a two dimensional array of data
Hierarchical Model: The hierarchical model database resembles a tree like structure
Network Model: This is that a record is stored with a link to other records
Relational Model: The relational model is the most popular type of database and an extremely powerful tool, not only to store information, but to access it as well. Relational databases are organized as tables. The beauty of a table is that the information can be accessed or added without reorganizing the tables
Relational databases use a program interface called SQL or Standard Query Language.
Organizing / Storing a Database
Database normalization is the process of organizing data into distinct and unique sets.
The purposes of normalization are to:
* Reduce or eliminate storage of duplicate data
* Organize data into an efficient and logical structure
The process of normalization involves determining what data should be stored in each database table. The process of normalization involves working through well-defined steps, called normal forms.
Databases can be less than 1 MB or extremely large and complicated that can be terabytes, however all databases are usually stored and located on hard disk or other types of storage devices and are accessed via computer.
Accessing Information Using a Database
While storing data is a great feature of databases, for many database users the most important feature is quick and simple retrieval of information. In a relational database, it is extremely easy to pull up information regarding an employee, but relational databases also add the power of running queries. Queries are requests to pull specific types of information and either show them in their natural state or create a report using the data.
Securing a Database
Obviously, many databases store confidential and important information that should not be easily accessed by just anyone. Many databases require passwords and other security features in order to access the information. While some databases can be accessed via the Internet through a network, other databases are closed systems and can only be accessed on site. Securing the database has become simpler. A few straightforward steps can vastly improve security, usually by locking out all users except applications and DBAs.
But even that restriction doesn’t completely protect your data. One of the primary security breaches organizations experience today takes place via applications that connect to databases. Applications don’t use native database security. Instead, they access the database as a “super user” and, therefore, could represent a risk to data security.
Some of the most common examples of exploiting this risk is known as SQL injection Database Worms, Denial of Service, Buffer overflow.
SQL injection isn’t a direct attack on the database. Instead, it takes advantage of the way many Web applications that access databases are developed. SQL Injection attempts to modify the parameters passed to a Web application via a Web form to change the resulting SQL statements that are passed to the database and compromise its security. If successful, an attacker can hijack the database server and be granted the same permissions to add, drop, and change users that the application has. From that point, the database is fully exposed.
Unfortunately, the practice of SQL injection is easy to learn. Fortunately, with a little forethought, you can prevent it. The simplest way to find out if you’re vulnerable to an SQL-injection attack is to enter a single quote into each field on each form in your applications and verify the results. Some applications will return a message claiming a syntax error. Some applications will catch the error and not report anything. In both of these cases, your site has some protection from SQL injection, but don’t assume it’s secure. You can only validate your level of protection by going to the application’s source code
The Future of Security
A new security trend is to provide multiple layers of security within a computing environment. These layers can include multiple firewalls between the Internet and the organization and even firewalls within an organization to protect high-value assets.
No Better Time
Security considerations go far beyond the database. But the database should be one of the most protected elements of any business environment; after all, it usually holds the most valuable and mission-critical knowledge. With a few simple tasks, you can reduce security risk to a reasonable level. You can start by reading more: network white papers.
Gain vital info about the topic of internet marketing – please make sure to go through this publication. The time has come when proper information is truly only one click away, use this possibility.
Tags: database
Posted in SQL Server · December 20th, 2009 · Comments (0)