Friday, March 31, 2006
Tuesday, March 21, 2006
M$ vs. Google
While wrapping things up the network admin team has now decided that they want to tighten up security, create some necessary NT accounts, and limit the database access. So during a large meeting someone asks for a list of which applications and thus which users will need what type of rights to which tables. Well, that information doesn't exist in such a concise format. It would take longer than we have to get the developers to go through thier code and document it. I mentioned that if you limit everyone to have only execute rights on the stored procedures then you won't have to give any rights to tables specifically. Of course that depends on the developers having, let alone following, a procedure the dictates that all database access go through stored procedures.
Meanwhile a couple of weeks ago there were big production problems with databases performing too slowly and sending several workers home, thus not getting some important time sensitive things done. That was all resolved quite nicely, but now someone wants to make sure the same situation won't happen in the new system when it goes live. During some of this I've been a little vocal about who's managing the database (tables are created by any developer who feels like it), and are there some appropriate indexing going on.
As both of these come to a head the question is asked, who can we have work all of this out (with knowing looks and other suggestive comments in my direction). I wisper across the table (so certain higher ups can't hear through the conference call) that it should be the DBA (database administrator), which I know we don't have. Well someone says, what about you (as in me), I say, "no I'm not the DBA (and sure as hell not paid like one) I'm a senior developer. I don't necessarily have to know the details of a database, I might not even really know much SQL." Well I got sidled with the task anyway (knowing full well this, or all of the other things I've done to save this thing from certain destruction, won't be compensated for).
First task, at least put some primary keys in some tables where appropriate. Second find out if all of the code is using stored procedures, which ones aren't, who's responsible, and what tables are they using and what is thier search criteria.
Download all of the source code from source safe (yipee for duplicate applications checked in into multiple projects). Run a search, with the OS file search tool, through my folder of source code to find any files, specifically C# source files, for anything that says "Select".....nothing. OK, search for files containing "EXEC"....nothing. Open my source file in that directory that I know has an "EXEC" in it, yup it's there. Run search again for "EXEC"....nothing. Copy a specific file to a flash drive and run a search for "exec" on the flash drive (this should effectively bypass the full disk PGP we have)....nothing.
Download Google Desktop and let it index my machine...waiting....waiting...waiting. Run a search in the same folder of source code for "select"....300+ files. Yeah for google! Boo to the crappy developers for having so much crap I'm going to have to sort through!