3

I would like to have your advice.

I'm now developing a small WPF client application using C#, bindings, ADO.Net Entity Framework, ODP.net and an Oracle database.

The application is a small one, two XAML screens, about 15 tables. I was developing using entities by filling my entities through the application and using the SaveChanges method.

However, our DBA told me that I don't have the right to make direct access to the but only using stored procedures. I asked him why and he told me that it is a security reason because using stored procedures forces you to provide the row identifier when deleting a record in one table.

According to him the risk is that the application will maybe delete all the rows in one table instead of only one row if the id is provided through the stored procedure.

I find that is a lot of overkill for only 15 tables.

What do you think about that?

2 Answers

1

Have you suggested to your DBA that you use Linq to SQL? That way you can extract objects, representing individual rows and it would make it far less likely you would accidentally delete multiple rows.

Personally I think EDM might be overkill for the size of DB.

I should say I'm a big proponent of LINQ to SQL and not a big fan of SPs however....

Andrew
0

LINQ2SQL on top of ODP.NET is a great stack. And I agree with Andrew, because you would have to write code to load the records, delete all of them, and commit the changes, it's not exactly something that can happen "easily".

Forgetting a where clause in a LINQ statement is no easier or harder than forgetting a where clause in a stored procedure.

Tom Halladay
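
The arrangement the DBA describes in the question, sketched in Oracle PL/SQL as an added example (not code from the question or from either answer): the application account may call a delete-by-id procedure but holds no DELETE privilege on the table itself. The schema `app_owner`, the account `wpf_client`, the table `customer` and the procedure `delete_customer` are hypothetical names.

```sql
-- Added example. All object names (app_owner, wpf_client, customer,
-- delete_customer) are hypothetical, not taken from the original question.

-- Run as the schema owner (app_owner).
CREATE TABLE customer (
    id    NUMBER(10)    PRIMARY KEY,
    name  VARCHAR2(100) NOT NULL
);

CREATE OR REPLACE PROCEDURE delete_customer (p_id IN customer.id%TYPE)
AUTHID DEFINER   -- runs with the owner's privileges, not the caller's
AS
BEGIN
    -- A NULL id would silently match nothing; reject it explicitly.
    IF p_id IS NULL THEN
        RAISE_APPLICATION_ERROR(-20001, 'delete_customer: id is required');
    END IF;

    DELETE FROM customer WHERE id = p_id;

    -- Exactly one row must be affected. The unhandled error makes Oracle
    -- undo the work done by this call, so nothing is half-applied.
    IF SQL%ROWCOUNT <> 1 THEN
        RAISE_APPLICATION_ERROR(-20002,
            'delete_customer: expected 1 row, affected ' || SQL%ROWCOUNT);
    END IF;
END delete_customer;
/

-- The client account can read the table and call the procedure, nothing more.
GRANT SELECT  ON customer        TO wpf_client;
GRANT EXECUTE ON delete_customer TO wpf_client;

-- Connected as wpf_client:
--   BEGIN app_owner.delete_customer(42); END;   -- removes one row, or raises ORA-20002
--   DELETE FROM app_owner.customer;             -- rejected: wpf_client has no DELETE privilege
```

The protection comes from the grants rather than from the procedure body: an account that still holds DELETE on the table can bypass the procedure, whichever data-access layer the client uses.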