Apress.Expert.Oracle.Database.Architecture.9i.and.10g.Programming.Techniques.and.Solutions.Sep.2005

CHAPTER 1 ■ DEVELOPING SUCCESSFUL ORACLE APPLICATIONS 41
that it is a very rare application that can simply be picked up and moved from one database
to another. Differences in the way the SQL is interpreted (e.g., the NULL=NULL example) and
processed will always be there.
On a recent project I was involved in, the developers were building a web-based product
using Visual Basic, ActiveX controls, IIS server, and the Oracle database. I was told that the
development folks had expressed concern that since the business logic had been written in
PL/SQL, the product had become database dependent. I was asked, “How can we correct
this?”
I was a little taken aback by this question. In looking at the list of chosen technologies,
I could not figure out how being database dependent was a “bad” thing:
• The developers had chosen a language that locked them into a single OS supplied by a
single vendor (they could have opted for Java).
• They had chosen a component technology that locked them into a single OS and
vendor (they could have opted for J2EE).
• They had chosen a web server that locked them into a single vendor and a single platform
(why not Apache?).
Every other technology choice they made locked them into a very specific configuration—in
fact, the only technology that offered them any choice as far as operating systems
went was the database.
Regardless of this (they must have had good reasons to choose the technologies they did),
we still have a group of developers making a conscious decision to not use the functionality
of a critical component in their architecture, and doing so in the name of openness. It is my
belief that you pick your technologies carefully, and then you exploit them to the fullest possible
extent. You have paid a lot for these technologies—would it not be in your best interest to
exploit them fully? I had to assume that they were looking forward to using the full potential of
the other technologies, so why was the database an exception? This was an even harder question
to answer in light of the fact that it was crucial to their success.
We can put a slightly different spin on this argument if we consider it from the perspective
of openness. You put all of your data into the database. The database is a very open tool. It
supports data access via a large variety of open systems protocols and access mechanisms.
Sounds great so far—the most open thing in the world.
Then, you put all of your application logic and, more important, your security, outside of
the database. Perhaps in your beans that access the data. Perhaps in the JSPs that access the
data. Perhaps in your Visual Basic code running under Microsoft Transaction Server (MTS).
The end result is that you have just closed off your database—you have made it “nonopen.” No
longer can people hook in existing technologies to make use of this data; they must use your
access methods (or bypass security altogether). This sounds all well and good today, but what
you must remember is that the whiz-bang technology of today—EJBs for example—is yesterday’s
concept and tomorrow’s old, tired technology. What has persevered for over 25 years in
the relational world (and probably most of the object implementations as well) is the database
itself. The front ends to the data change almost yearly, and as they do, the applications that
have all of the security built inside themselves, not in the database, become obstacles—roadblocks
to future progress.
The Oracle database provides a feature called fine-grained access control (FGAC). In a nutshell,
this technology allows developers to embed procedures in the database that can modify