I have a problem with the applications hiding data model. Why would one want to do that? Personally, as a DBA, I'd always vote against such an application. This is a philosophical and ethical problem. In my opinion, when the vendor installs application in the customer's database, the customer DBA should have the ability to see what is going on. That could be extremely handy in case of a performance problem. If there is an application for the maintenance of which I am responsible, I want to be able to diagnose it and figure out what the problem is.
On 01/28/2015 02:11 PM, Mark W. Farnham wrote:
Tim and others have covered this pretty well. I don’t have any quibble with what they have written.Essentially the only way to hide your data model is to host the database server (as Mladen put it tongue in cheek “cut the network cable”) and provide the application functionality presented as a set of remote services.Even then you’re going to design an appropriate call and response interface for your application services that prevents “let’s take a peek at your database” attacks such as sql injection. I mention that one as an example that is commonly known.I think it is theoretically possible that there is proprietary value in the definition of a data model, but I have not yet observed a situation where the value of keeping the data model secret to preserve that proprietary value matched the value of sharing the data model with both customers and competitors. So even if your application functionality is amenable to be served as remote services, I would still recommend publishing your data model. Publishing, especially with a commentary regarding the purpose of the pieces of the model, will tend to improve your data model and your customer experience.Regards, mwf*From:*oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx] *On Behalf Of *Harmandeep Singh*Sent:* Wednesday, January 28, 2015 6:40 AM *To:* oracle-l-freelists *Subject:* Hiding data model Hi Experts,We are having data model for our product, which we do not want to expose to our customers. That is we want even the DBA of customer with sys privileges should not understand /access the data model( like table definitions, columns ).I am aware of options like VPD, which is data level security feature as per my understanding.Please let me know your thoughts Thanks, Harmandeep Singh
-- Mladen Gogala Oracle DBA http://mgogala.freehostia.com
