Re: Data integrity
From: Christian Rosenzweig (Christian.Rosenzweig_at_medvision.de)
Date: 05/12/03
- Next message: Dennis Redfield: "Re: Can i start a MSSQLServer service remotely?"
- Previous message: BP Margolin: "Re: Data integrity"
- In reply to: BP Margolin: "Re: Data integrity"
- Next in thread: BP Margolin: "Re: Data integrity"
- Reply: BP Margolin: "Re: Data integrity"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 12 May 2003 03:53:26 -0700
Thanks for your answer.
I do not expect 100% integrity, what I mean by that is "as
much as reasonable possible". Sorry for my
misunterstandable statement...
My problem is the following: I have to prove (expected by
government officials) that medical data which I store will
be the same when I read it back any time.
If I use for example a simple text file I have to
implement at least following features to my application:
1. after writing the data to file, I have to read it back
and compare it to the RAM data to be quite sure the
writing process was ok
2. before writing the data to file I have to create a kind
of fingerprint which will be written to file as well to be
able to compare it to the data any time
3. I have to do reading twice and compare both results to
be quite sure that there was no reading failure which
caused data changes
So I thought: it will be better to use a professional
database like MS SQL server to get build-in integrity
checks for point 2. But the government officials told me
that they do not believe that there are such build-in
mechanisms in the database and I have to use fingerprints
etc. in my application layer.
I asked Microsoft to give me documents which say: "Yes, MS
SQL server provides guarantee against possible data damage
during period of data storage by those mechanisms: ...."
But I did not get something like this and nobody could
tell me whether there are such mechanisms.
Some years ago I got a document by IBM for the DB2
database which pointed out the data integrity mechansims
and it was accepted by government officials.
How can I get such a document from Microsoft?
>-----Original Message-----
>Christian,
>
>The physical database files contain both data and
metadata. If the bit that you change is metadata, you
might very well end up with a corrupted database. If the
bit that you change is data, then to some extent the
question becomes "What is SQL Server doing at the moment
that the bit changes?".
>
>For example, SQL Server could have read the data from the
physical medium a moment before you changed the bit, and
then be about to write back to the physical medium new
data. In this sequence, the bit change you made is going
to be "invisible" because the changed bit is going to be
overwritten without being used.
>
>Of course, much more likely, if you change a bit, then
the next time that SQL Server reads the bit, it's going to
just read the changed bit, and not know that it has
changed.
>
>> If there is no internal security mechanism in SQL
server I
>> have to implement crc or hash algorithms for any data
>> storing in my application.
>
>> I need it for certification of a product which is used
in
>> a medical product which claims for 100% data integrity.
>
>I don't mean to be difficult, but even the use of crc or
hash algorithms do not guarantee 100% data integrity. In
fact, NOTHING guarantees 100% data integrity. It just
ain't possible in the real world ... you can get very,
very close to 100%, but you can never actually there. As
an analogy ... both fingerprints and DNA is acceptable
legal evidence at least in the USA to "uniquely" identify
an individual. Problem there is, if you read the
scientific literature carefully, neither fingerprints nor
DNA are actually 100% "safe" in that regards. There is a
very, very, very low probability of two people having the
same fingerprints, but the probability just ain't zero.
With DNA, the easiest counterexample are identical
twins :-)
>
>-------------------------------------------
>BP Margolin
>Please reply only to the newsgroups.
>When posting, inclusion of SQL (CREATE TABLE ...,
INSERT ..., etc.) which
>can be cut and pasted into Query Analyzer is appreciated.
>
>"Christian Rosenzweig"
<Christian.Rosenzweig@medvision.de> wrote in message
news:02d301c3185e$fc189dd0$a301280a@phx.gbl...
>> Hallo,
>>
>> when I change any bit in the database (e.g. by hex
editor)
>> or any bit changes by physical effects like magnetism
what
>> happens with my SQL server? Does it recognize such
>> manipulations? Is there a warning? Or do I get wrong
data
>> according to changed bits?
>>
>> Microsoft seems to refuse to give me a official
statement.
>> I need it for certification of a product which is used
in
>> a medical product which claims for 100% data integrity.
>>
>> If there is no internal security mechanism in SQL
server I
>> have to implement crc or hash algorithms for any data
>> storing in my application.
>>
>> Thanks for any helpful answers.
>.
>
- Next message: Dennis Redfield: "Re: Can i start a MSSQLServer service remotely?"
- Previous message: BP Margolin: "Re: Data integrity"
- In reply to: BP Margolin: "Re: Data integrity"
- Next in thread: BP Margolin: "Re: Data integrity"
- Reply: BP Margolin: "Re: Data integrity"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
