Re: Abstracting DB Schema from Web Forms

[Greg Willits <lists () gregwillits ws>]

On Aug 18, 2007, at 9:57 AM, Jason Troy wrote:
> On 8/15/07, Greg Willits  wrote:
> > I have a question whether this practice I'm  about to describe is
> > good, unnecessary, or just falls within the "whatever floats your
> > boat" category.
>
> I asked my co-workers your question - here's what a couple said....

Jason, thanks for the effort and the feedback.

Obviously the point isn't to use obscurity in lieu of actual  
defensive programming against injection, I was just wondering how  
many people did it as an extra "layer" (however thin it may be). The  
more concentric rings of difficulty/defense, the better I figure.

These days I do it as much for separation of data/view as anything  
else (so view/form code can interact with db, web services, etc).

As for extra work, I've created a general purpose mapper / ORM-ish  
layer doing all the translation, and throughout the app I can use the  
abstracted name, so it really doesn't feel like extra work at all  
when coding -- even when creating new apps.

So, I guess it floats my boat, but it's not a tsunami.

-- greg willits


-------------------------------------------------------------------------
Sponsored by: Watchfire

The Twelve Most Common Application-level Hack Attacks
Hackers continue to add billions to the cost of doing business online 
despite security executives' efforts to prevent malicious attacks. This 
whitepaper identifies the most common methods of attacks that we have seen, 
and outlines a guideline for developing secure web applications. 
Download today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008rSe
--------------------------------------------------------------------------