Access provides better Security than Sql Server

Published Sat, Aug 13 2005 12:19 | William

This is a great read - I promise!

Well, I was on the VB.NET newsgroup (I know, I know) and saw this debate about whether or not someone should use Access or Sql Server.  To even argue this is pretty dumb IMHO b/c Access isn't, and never will be, a real client server database.  Its backup and restore capabilities suck.  Security is lame.  You can only load 2 gigs of data in it.  Now, if you don't care about any of those things, then sure, it's great.

Which causes me to digress.  Frans has battled over and over about using Stored Procedures.  His point is that most people use Stored Procedures for reasons that have no factual basis.  From his point of view, if you understand these facts (i.e. they aren't precompiled), then go ahead and use them.  But if you claim they are superior for reasons that are wrong, then you're a putz.

Well, I'm in the same boat in this regard.  You see, if you want to use Access b/c it's easy to install or whatever, great (actually, from what I understand, the #1 reason to use Access is “Because a secretary over in HR took an Access course and she says it's as powerful as Oracle but we don't have to pay all those licensing fees or have a DBA”).  But to use it b/c you think it's as powerful as Sql Server/Oracle etc. or for Security, well, time to wake up and smell the coffee.

I swear, I'm not making this up:

“file security lets me stick to MS Access 2000

MSDE , SQL express , firebird , interbase etc etc all great databases
however they lack one key functionality that keeps me from using it in my
deployable apps and that is security ,,,,, everyone with admin rights can look in your
database files and see your data , with access you can create a workgroup
file , encrypt the database and only your program can access the data

This is no problem if your users own the data , in my situation the data is
the core business ( this is were the value of the app is ) so you do not
want to have the concurency steal your data and create there own gui aropund
that data and sell this as there own product”

I know everywhere I worked, everyone and their brother had admin access.  But ok, if you deploy to a client site and your data is priceless, I guess you necessarily are going to have people on the other team with Admin privileges.  But, and correct me if I'm wrong... Can't you store encrypted values in VARCHAR fields?  And if they can view the file with your application, couldn't they get the data anyway?  I mean, hire a few temps and have them enter your precious data into the new Sql Server database that they are going to “sell as there own product”?

But it gets better:

“i wish i could switch over to a reall RDBMS as our database files are
growing to gigabytes ,,,, however i must say about access it isn`t so bad as
people are telling here because our products are beeing used by thousands of
users throughout Europe and are even used on server farms with more as 50
users using the same program ( thus same DB )  however we are talking about
mostly read data with once in a while a price update”

Ok, so one guy with mainly read queries gets Access to work ok in one situation, and I guess all those thousands of other people whose Access db's blew up when 5 or 10 people started banging on them should all be ignored?  Maybe they were all just lying?

God this crap is absurd.


Comments

# William said on August 13, 2005 12:43 PM:

Ouch! Tell him to hook it up to a web page and hit it from Asp classic, Jsp, or Php with read only queries and see how long it takes to crash or corrupt. Access is a decent database for small files and single user access. It's a sh!tty DBMS and I am talking about the difference between the database and the DBMS. Its actual disk storage techniques, i.e. "the database", are not too bad for small files like I said, but that's providing it's only one or two people using it. It's meant to be a desktop database and DBMS to fill the gap between Excel and a real multi-user RDBMS and database. I hate, hate, hate, hate, hate, hate, hate, hate, hate, hate, hate talking to morons like that and I hate Access even more than that because not only does it get misused almost as often as Excel, it also allows people to use VBA which should be listed as a crime against humanity.

# William said on August 13, 2005 12:48 PM:

Well a few other things - one... He signs his sig MCP - which means 'I Could only pass one cert exam and then I gave up'. I've heard a few recruiters say that if you have a MCP, you shouldn't list it b/c most people assume that you weren't able to finish the cert if you stopped there.

But the bad part is that this clown is no doubt peddling this theory - THAT ACCESS IS more secure than Sql Server and 'real' data base systems and NO DOUBT - someone bought into this shit. Imagine that, someone buying into some fucktard Access 'guru' - I've spent 1/2 my frigging career cleaning up after jack asses like this.

And honestly, how many shops need their data protected from them? Yah, I'm sure his clients are dying to steal his data and sell their own application from it - and yet they're so stupid that they couldn't pay a temp to enter the data from his app... boy, he fooled them.

# William said on August 13, 2005 3:22 PM:

DoubleI,

You wrote:

"Because a secretary over in HR took an Access course and she says it's as powerful as Oracle but we don't have to pay all those licensing fees or have a DBA"

I believe that there are numerous other criteria that should be addressed in this statement and I think that you've missed them. Let me list them for you:

1. Is the secretary hot?
2. Is there a cleared line of sight between her desk and my desk?

I think that these criteria weigh heavy on a manager's mind when deciding on whether or not to take that advice.

For the record, I commented on Sahil's post:

http://codebetter.com/blogs/sahil.malik/archive/2005/08/04/130264.aspx

where I mentioned 12TB of data. I keep that 12TB of data in segments of 2GB each in Access databases so that I get the benefit of security. I feel safer knowing that if someone wanted to get all of this data, they'd have to steal about 8,000 Access files (not all of them reach the 2GB limit). At two Access database files per DVDRW (single layer), the heist would only require 4,000 DVDs at a cost of $10,000 ($2.50/DVD) + labor costs to copy. I FEEL SAFE.

Besides, security was my primary design decision. Performance, balancing, clustering, usage patterns and other features are just not relevant when working with this much data.

I agree with EVERYTHING else you have said.

---O

p.s. ahhhhhhhhhhhh, no CAPTCHA timeout.

# William said on August 13, 2005 4:43 PM:

OS - each time you respond, I realize that you are not only exponentially smarter than I am - you're even wittier than you are smart. I think we might have to start an OS Sycophant Cult sometime soon too.

However you're wrong here. It is a KNOWN fact, that secretaries that advocate Access are NEVER hot. They are always fat, middle aged, angry and usually do everything they can to get anythink resembling hot in the office fired. And they always have this programmer wannabe syndrome. They aren't always secretaries, sometimes there clerks, technical writers or other job - but they always wish they could be a programmer (although if they work in CPA firms, they always wish they were CPAs, in legal firms, they always wish they were attorneys). So they hear that Oracle goes down occassionally and the 'DBA' drives a Porsche. Using the Form Wizard and learning 'everything there is to know about Normalization' (which takes them about 20 minutes), they build a program that 'does everything' the enterprise software with a 900 table oracle db does "except for a few minor features but all the big stuff is there". Then they write a report using the Report Wizard. the boss in Marketing sees this and goes "Wow - you did that in 20 minutes.. you're a natural'. Next thing you know you're getting called into the office asking how hard it's going to be to port the Oracle database to Access "Because development time is a fraction of what Oracle's is and you don't even need a DBA - we can hire two junior developers for what he makes" ---- OOOOPS, I started to remember an actual job of mine.

As far as your security thing goes - BRILLIANT. I bet my boy "Mr 50 User Access database guru" never even thought of that. Between that approach and his ultra secure solution - shit man, call me up, I've got contact at the Department of Defense - maybe we could pitch a db solution to handle the nuclear launch codes. Hell, remember a few years ago when that bug in Sql Server 97 almost caused some Russian launch codes to be exposed? Well if they had access, let alone Access and these two approaches, it would have been business as usual. Need to go read Sahil now - can't wait to see your comments.

# William said on August 13, 2005 5:31 PM:

LMAO.

I bow to your insights on the "wide-loaders" and their ability to spread nonHOTNESS though any means necessary. If you ask the lower cased one, we work in just such a place. The hotties are almost extinct. The ratio is about 175-4. This also describes the ratio of Access-SQLServer databases in use. I guess I never noticed the correlation . . .

---O

# William said on August 13, 2005 6:12 PM:

I work in a place where there are a lot of hotties. None of the hotties can use Access for sh!t although several of them can use an AS/400 system really well. Luckily or unluckily depending on how you look at it many of the hotties are in higher managment and they tend to hire more hotties. The one "Access" wannabe we have is a middle aged 4'10" troll who is b!tchy to everyone especially hotties. Luckily everyone wants her fired. It's only a matter of time until she gets the boot. On the bad side, or good side depending on how you like your work environment, R&D is in Engineering we have no hotties on our floor. The few women we do have tend to be ultra-geeky and definitely not hot. Great women to work with though they know their sh!t and they aren't talking about guys 24X7 instead of doing actual work like the hotties upstairs. We have an internal IM system and the hotties are always on it 24X7 gossiping. The engineering ladies refuse to put that kind of nonsense on their machines. So it's kind of a trade off where I work you can have smart and competant on the engineering floor or hot and not so bright on the finance and marketing floor or you can have the I'm hot as f#ck but be really careful around me because I outrank you in the company by about five levels of managment types. Oh and every HR woman we have(about 10 I think) are hotter than the hottest chicks you would ever dream about working in an office environment. They are smoking hot! Don't even get me started on our call centers I seriously think you have to have silicone tits to get a job there. I have to carry a drool rag when I go over there some days.

# William said on August 13, 2005 7:25 PM:

OS - this is the one instance where "Correlation != Causation" isn't a true statement. Well, if it is causal then there's always correlation so I guess I'm just babbling - but nothign is more dangerous in a workplace than middle aged unattractive women. They hate everyone, particularly the successful, young and most of all, non-Ugly women. I'm not being sexist on this - most women will agree to this. Being a hot chick is often really difficult in the corporate world b/c guys are too busy drooling over you to take you seriously (although you'll always find guys that take work mroe serious than chicks) , normal chicks take you as a threat, and ugly chicks blame you for everything that's ever happened to them or have some weird fuckgin transference thing where they blame the hotties for shit their mom's did. They always HATE cheerleaders too.

So they love fucking stuff up - particularly stuff that works well and was the result of a lot of honest hard work - for some reason, Access and Powerpoint are their #1 weapons, followed by really lame Excel sheets with no formulas but tons of obnoxious formatting, and word documents with really awful headers and footers and watermarks that say shit like "internal document - for XXXXX department only". ANd they always have those email sigs that say shit like "If you recieve this in err, delete it immediately, notify the sender and ensure that all copies were deleted off of your server". Yah right, you answer phones and even though you have a college degree, in 20 years of your professional life, you still answer phones. your husband is banging something 100 lbs lighter and the REAL reason no one likes you or respect you is because you're an obnoxious mean bitch. For some reason, they always love gossiping and they say shit like "I'm not being mean, I just tell it the way it is. So you see, Xxxx was out getting drunk because she has no morals, and she came home and her kids were having a party. You know, she's always so busy with her career and working out that she never has time for her kids - so it's no wonder her daughter has 12 abortions to 12 different Black guys [Did I tell you that her daughter dates Black guys? Not that I'm a bigot or that there's anything wroooonggg with that, but she does seem to like the brothers and you know, those people never have jobs or anything]" They always have some noble reason for being ugly and saying hateful shit about people.. and they always justify talkign ugly about people by saying that they 'care'.

So then they get that magic day of training when the company decides everyone needs to know office. And then that 'overpaid' dba who dates the hotties down in accounting is on her hitlist. And all those know it all programmers too - "I wrote a program that users liked better and it only took me two weeks when it took their whole department 2 years to write the application - and everyone like mine better " except she leaves out that the extent of 'everyone' is her and her little asshole intern.

Man - it's too long for me to still be this angry - and I've vented about her a few times already too. Actually, the person above iss the composite of 3 people.. but I'll ahve to get Kim here to tell some more tales of "Cinde" who's real name was Cynthia but you had to spell her name "Cinde" with the 'e' instead of a 'y' because that's what her mom named her. So we called her "Cinde with an 'e'" instead of "Cinde" which made her even more mad. And since she was so fat, she didn't shower (or I guess if she did, she couldn't get a few more aromatic areas).

# William said on August 13, 2005 7:27 PM:

Andy - you have hotties in marketing though don't you?

And as far as the Access troll - ok everyone, can you find an example of a cool hot chick that works on Access? Or even a programmer that's cool and smart that prefers access? That's probably more rare than a TV Preacher without hair spray.

# William said on August 13, 2005 9:44 PM:

No we have a few wannabe's that use Access in IS and in MIS but no actual developers using it.

We have a few hotties that are using said MIS macro writer's Access applications but not by choice. They hate him so much they won't even ask him questions directly. They ask the MIS supervisor to go ask their questions for them. It's kind of funny because she's smoking hot and he hates her. She's a CPA and he's an Access guy yet he thinks she's dumb. Then he got the MIS director to change his title to "Software Engineer" when he got hired on full time in house.

So in many cases like most recently his customer request form I get asked to re-write his stuff so people can actually use it. If it's the MIS supervisor asking I do it because she's hotter than holy f#ck, she's also super nice and takes me out to eat when I do her favors.

That web form I re-wrote recently of his was so bad I almost posted the code on the daily WTF. In some cases he had a table in Access with a bunch of canned answers to questions like yes, no, unknown etc. and he was running a separate ADO query for like 15 dropdowns on the page that used that table. So 15 queries for 15 identical dropdowns.

Because he couldn't get his dropdowns when empty to remain a constant size he filled them with the html escape sequence for space until they were wide enough. Because that character is not character 32 a lot of whitespace checks won't catch it, so his copy/paste from the internet validation code against those required fields was returning that they had something in them and they ended up with garbage in their database.

Then if a field really was blank he just popped up a message that said a required field was missing a value and didn't in any way show them which field it was.

When he was asked to put his dumb @ss form in the company's internal web site he threw a fit because his stupid jacked up way of dealing with cookies didn't work in frames, which he blamed on the web admin for the company site.

Mine worked just fine when I re-wrote the form for him and it now inherits the css from its parent frames so it actually matches the company web site now.

The list goes on and on and on. The thing could sometimes take up to a minute to submit after they hit the button and often crashed all .Asp extension pages on the whole server when it did. Which he of course also blamed on the web admin.

I took the whole thing and re-wrote it in Php using ODBC and had them stick it in its own application queue. It takes a max of about a tenth of a second to submit now and the server hasn't crashed since I published it.

That is just the start of the mess this guy has created. If it had been anyone else except the MIS supervisor asking me to re-write it I would have said no, but the form feeds her dept's processes so she asked, I said yes and I got a lunch with her out of the deal. It took me a week to re-write it, mostly because I had to figure out what it was trying to accomplish in the first place because he couldn't explain it to me.

Don't even get me started on his bit field security check string to see who is allowed what access on different forms. No it's not an integer which you AND against a permission integer like a normal bit flag check it's a string of 36 zeros and ones which does a mid string function to see if the character at that position is a zero or a one.

So yeah I pretty much hate Access dorks.
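
The non-breaking-space failure described in the comment above, shown as an added example; it is not code from the original post or from the form it describes. The field names, the sample submission and the function names are constructed for illustration: a check that only strips character 32 accepts padding-only values, while a normalizing check rejects them and reports which fields are missing.

```javascript
// Naive check, as the comment describes it: only ASCII space (character 32)
// counts as blank, so U+00A0 padding looks like real input.
function isBlankNaive(value) {
  return String(value ?? '').replace(/ /g, '') === '';
}

// Characters that render as nothing but are not removed by trim():
// zero-width space, zero-width non-joiner/joiner, word joiner, soft hyphen.
const INVISIBLE = /[\u200B\u200C\u200D\u2060\u00AD]/g;

// Normalize a submitted value before validating (and before storing) it:
// turn an undecoded "&nbsp;" / "&#160;" / "&#xA0;" into U+00A0, drop invisible
// characters, then trim. String.prototype.trim() treats U+00A0 and the other
// Unicode space separators as whitespace.
function normalize(value) {
  return String(value ?? '')
    .replace(/&(nbsp|#160|#xa0);/gi, '\u00A0')
    .replace(INVISIBLE, '')
    .trim();
}

function isBlank(value) {
  return normalize(value) === '';
}

// Validate a form and report *which* required fields are missing, instead of
// a generic "a required field is missing a value" message.
function validateRequired(form, requiredFields, blankCheck = isBlank) {
  const missing = requiredFields.filter((name) => blankCheck(form[name]));
  return { ok: missing.length === 0, missing };
}

// Constructed sample submission (hypothetical field names).
const sampleForm = {
  customer: 'ACME GmbH',                          // real value
  approved: '\u00A0\u00A0\u00A0\u00A0\u00A0',     // dropdown padded with NBSP
  priority: '&nbsp;&nbsp;&nbsp;',                 // entity arrived undecoded
  region: '   ',                                  // plain spaces
  contact: '\u200B',                              // zero-width space only
  notes: undefined,                               // field not submitted
};
const required = ['customer', 'approved', 'priority', 'region', 'contact', 'notes'];

function demo() {
  return {
    naive: validateRequired(sampleForm, required, isBlankNaive),
    strict: validateRequired(sampleForm, required),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

Storing the output of `normalize()` rather than the raw submission keeps the padding out of the database as well as out of the validation result.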

# William said on August 14, 2005 7:46 AM:

Damn - I must have posted Andy as the name in my last post - I got the URL right, http://www.msmvps.com/WilliamRyan but I screwed up my own name - what a loser I am. Must have been b/c Andy was the first word in the paragraph I was typing.

OS - I got your email and Yes, I knew you were joking. In typical fashion though - that was particularly witty b/c if Mr Access One Certification's logic was solid, then the approach you mentioned wouldn't be that absurd after all - and I can f~cking guarantee you that if you posted that in many circles, there would be more than a few folks that thought it was a brilliant idea. And in typical Access programmer form (no pun intended), they'd get around the problem of having x,000,000 different 2gb databases by spending two months writing macros to do really slow and lame searches on the tables or - actually, what they'd do is create a giant text file out of all of those terabyte access dbs.

I know a guy who's actually having to do something like this right now - at $65.00/hr. There's like 200 access db's with the exact same schemas but for each department, they made a new copy of the db - and now they need all of those dbs to talk to each other and he's getting paid to consolidate them. They aren't stored in any logical manner so you can't recursively traverse the directory to find them... Let me see if I can get him to post about it

# William said on August 15, 2005 12:17 AM:

Man this is incredible. You always run into some buffoon who is unwilling to listen. Or rather will listen what he wants to listen rather than what you have to say ;-).

# William said on August 15, 2005 3:49 AM:

Not to mention that Access is prone to DLL hell and its database can be easily corrupted.

Miha Markic [MVP C#]
RightHand .net consulting and software development
Blog: http://cs.rthand.com/blogs/blog_with_righthand/
www.rthand.com
