db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Veaceslav Chicu ...@infologic.fr>
Subject Re: COMMENT statement
Date Tue, 14 Sep 2004 13:46:34 GMT

I use that for schema documentation, my memory is not so good
I have a widget, with F1, app user can see comment for the field

my database is opened for the user, why should I hide my schema? I have 
grants for the rights (not in derby ?)
or I should create databases without any comment on field, maybe field 
name is something like "87da98aa" ???

if you want to hide your schema encode database, rename fields, do not 
use COMMENT ON, I want to give to the user possibility to work with 
data, to comment fields, to see my comments, I found that COMMENT ON is 
good for that, it's more natural, for a desktop application

what you are doing with derby? why you are so paranoic? maybe it's not 
for you, maybe you should use a specialised product with a better security

best regards,
P.S. if a hacker broke into your database using SQL injection, your 
application have a security hole, or database server has a security hole

Jan Hlavaty wrote:

> On the contrary, I think we don't need this ;-)
> The fact that some other database has a feature does not imply we must 
> have it too. Adding a feature should be justified.
> Think of it this way - what is it good for? Who and how would use it?
> Comments on schema objects are good for someone that:
> 1) can get into the schema in the first place, so is DBA or 
> interactive SQL user with direct access to database
> 2) does not know the schema well enough
> 3) cannot get regular documentation about the schema
> Who is the guy that meets all these requirements? A hacker who broke 
> into your database using SQL injection ;-)
> Just my 2c.
> Jan
> Marshall Dunbar wrote:
>> I agree.  Comment On would be a very useful feature.  Does anyone know
>> the process to get this on the development "to-do" list?
>> Marshall
>> On Tue, 14 Sep 2004 09:06:24 +0300, Veaceslav Chicu <cs@infologic.fr> 
>> wrote:
>>> yes, exactly
>>> it's present in other databases also, not db2 only
>>> https://aurora.vcu.edu/db2help/db2s0/frame3.htm#sqls0609
>>> I'd like Derby more, with that
>>> best regards,
>>> Slavic

View raw message