- Feature Articles
- CodeSOD
- Error'd
-
Forums
-
Other Articles
- Random Article
- Alex's Soapbox
- Announcements
- Best of…
- Best of Email
- Best of the Sidebar
- Bring Your Own Code
- Coded Smorgasbord
- Mandatory Fun Day
- Off Topic
- Representative Line
- News Roundup
- Editor's Soapbox
- Software on the Rocks
- Souvenir Potpourri
- Sponsor Post
- Tales from the Interview
- The Daily WTF: Live
- Virtudyne
Admin
The board of directors don't get to see the paper trail, they just get told of an IT problem that required taking action against the IT staff.
If more things come out the IT staff are castigated for not making their warnings clear enough - ie. written in blood on the managers wall or whatever stupid escalation the failed manager can think of.
Paper trails are only really useful if the majority of the chain of command is honest. That sysadmin in San Francisco probably had a nice clear paper trail which will help when he gets to court but does nothing before then.
Admin
Actually we had a whole bunch of other snafus this year. One of them was even my fault (two, if you count "trusting a zip utility to do what you told it to do" as my fault - or more precisely thinking "I've got two CPUs, let's run two zip processes to get through it faster"; I guess I just need to get used to the notion that You Shall Only Run One Instance Of Any Application At A Time). I was up until 3:45 this morning regenerating the data yet again, after that one. I really hope that's the last of it until next year.
Admin
So, if the data was available to anyone in the company, that would be ok right? If all of the data stored by the system corrupts itself and a day or two of work is lost, that would be ok right? It has nothing to do with not liking Microsoft. It has to do with using a corporate grade DBMS like SQL Server, a Microsoft product, for an corporate application and not a toy like Access. It is the difference between doing deliveries in a golf cart or a truck.
Admin
Actually, Access (not Jet) is a narcotic. Like most narcotics, it isn't harmful in small doses. However, in large doses, it will kill you and like a drug addiction, it is very difficult to break. Once you go down the dark path of Access, forever (or at least for quite a bit of money) does it dominate your destiny. Frankly, Access does not scale. It does not port to other platforms and it has a habit of corrupting itself. Thus, if only used a RAD tool, it is average. But used for anything other that or as a tool for one-off imports, it is playing with fire.
Admin
Silly IT people. The HR guys had to remind them that their job is to APPROVE third party software, not critique it.
Admin
http://support.microsoft.com/kb/q303528/
"Microsoft Jet is not intended for use with high-stress server applications, high-concurrency server applications, or 24 hours a day, seven days a week server applications. This includes server applications, such as Web applications, commerce applications, transactional applications, and messaging server applications. For these types of applications, the best solution is to switch to a true..."
and
http://msdn2.microsoft.com/en-us/library/ms811092.aspx#msdeforvs_topic8
"Jet can support up to 255 concurrent users, but performance of the file-based architecture can prevent its use for many concurrent users. In general, it is best to use Jet for 10 or fewer concurrent users."
Admin
Admin
I'm a former Accenture employee and I can confirm what basseq said. Dave's full of it, Accenture uses the same databases everybody else does. The only time I interacted with Access when I worked for Accenture was one time when a client had some data in an Access database.
Admin
It's called SQL Injection
Admin
It's 2009, and thats a most canonical example of a SQL Injection, and it still has to be explained. Scary!
Admin
[quote=MHDTo be fair, instead of queuing the Access database every page request to fetch user information, it makes sense to put all that data in the session. It's likely quicker than Access. No real WTF there in my opinion. Makes sense with the tools they have at their disposal. [/quote]
The concept on and by itself is not WTFish so long as the information being retrieved from the database into the session is not into the tens of kbs (or more), and the number of concurrent users is not in the thousands. In the WTF code example, they are loading almost 200 fields. Some of them are HTML blocks which can easily be 50-100 bytes each. Assume its 200 fields * 60 bytes (10 bytes for field name and 50 bytes per value size), that's more or less 12kb.
For a small, intranet site, that's fine. But for a mid-size to large intranet one, that's getting into the realms of WTFland. It might sound like nitpicking, but I've seen real apps tanking because of supposedly small sessions multiplied by an unexpected number of users during peak hours.
Furthermore, the larger the session being held on the mid-tier, the harder that it is to scale an application. One should only load into the session the stuff that is needed the most often or with more regularity. There are other stratagems that help (.ie. caching on the local disk or a local/co-located db/key-value store), the complexity of which are justified only in the face of real availability requirements.
But a simple assumption to load a multitude of database columns into the session, including html fragments (wtf with people loading html fragments on a session?), that can easily turn WTFish real fast.
Admin
Meh, it has its place. On different jobs, I've worked with financial analysts (or people working on logistics, shipping or inventory) using Access on their desktops to run custom reports and do their own ad-hoc analytics on database dumps provided to them at given intervals (usually daily, weekly or bi-weekly, depending on the nature of the data.)
It's a cheap way to provide semi-quasi-okie-dokie data warehousing and reporting capabilities to what I call "power users" - business users that are sufficiently tech savvy to do their own sql queries, reporting and even VB-scripting on dumps separated from live data. The ROI of those approaches are tremendous as they increase productivity and allow power users to really analyze data and what not.
That's pretty much the idea behind Access (and I'd surmise VBA). For that job, they are excellent tools, but then we have IT tards using them for developing actual applications with transactional requirements :-/
Admin
Surf to http://localhost/database.mdb (or replace localhost with the servers ipadress) and watch his face go red again.
Admin
Admin
why was i not surprised to see accenture mentioned....
Admin
Anyone else notice that the ultra secure database.mdb was sitting in the root folder for IIS? Seems like it would be easier to download that than to play tricks with the SQL query.
Admin
Yes, you're exactly correct. It's called SQL injection. What really blows your mind, is when someone develops an interface that takes SQL directly from the client.
Admin
Not only they DO use Access instead of other databases routinely, even when using Oracle o anything else they never take care of code insertion in password fields in their forms. I've seen almost EVERY WTF here published in production code written by Accenture (and its filials, such as Coritel and others). Even a simple rounding to integer it's a wild forest in their hands. And they sure are pretty well paid and pretty slow. And of course, I've never seen the least care in subjects as integrity, security, correction, and (of course not) performance, nor any ejecutive nor any kind of boss there said never a word about those subjects. The only thing that matters there is a cute suit and tie, staying seated in front of your desk even in lazy days four at leasr two hours past your exit time, and those brain-washing meetings where you are told hundreds of times how high are the incomings this year, and how good they are.
Admin
This trick is generically called an SQL-injection attack. Google it if you are interested.