Re: Data integrity
From: BP Margolin (bpmargo_at_attglobal.net)
Date: 05/13/03
- Next message: BP Margolin: "Re: Limiting simultaneous user connections."
- Previous message: Jason: "How to Grant Create/Modify/Delete to *ALL* SPs"
- In reply to: Christian Rosenzweig: "Re: Data integrity"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 12 May 2003 19:19:20 -0400
Christian,
To the best of my knowledge, SQL Server does not offer the level of data integrity that might be required by your application.
I know that IBM has a number of government contracts, and so IBM might be better organized to respond to and satisfy government regulations. While I'm sure that Microsoft has it's share of government contracts, I suspect that Microsoft might not be as geared toward responding to and satisfying government regulations as IBM :-(
Bottom line, I have no influence within Microsoft, so I can't tell you a way to get what you want from Microsoft.
-------------------------------------------
BP Margolin
Please reply only to the newsgroups.
When posting, inclusion of SQL (CREATE TABLE ..., INSERT ..., etc.) which
can be cut and pasted into Query Analyzer is appreciated.
"Christian Rosenzweig" <Christian.Rosenzweig@medvision.de> wrote in message news:040d01c31874$b7764400$a401280a@phx.gbl...
> Thanks for your answer.
>
> I do not expect 100% integrity, what I mean by that is "as
> much as reasonable possible". Sorry for my
> misunterstandable statement...
>
> My problem is the following: I have to prove (expected by
> government officials) that medical data which I store will
> be the same when I read it back any time.
>
> If I use for example a simple text file I have to
> implement at least following features to my application:
> 1. after writing the data to file, I have to read it back
> and compare it to the RAM data to be quite sure the
> writing process was ok
> 2. before writing the data to file I have to create a kind
> of fingerprint which will be written to file as well to be
> able to compare it to the data any time
> 3. I have to do reading twice and compare both results to
> be quite sure that there was no reading failure which
> caused data changes
>
> So I thought: it will be better to use a professional
> database like MS SQL server to get build-in integrity
> checks for point 2. But the government officials told me
> that they do not believe that there are such build-in
> mechanisms in the database and I have to use fingerprints
> etc. in my application layer.
>
> I asked Microsoft to give me documents which say: "Yes, MS
> SQL server provides guarantee against possible data damage
> during period of data storage by those mechanisms: ...."
>
> But I did not get something like this and nobody could
> tell me whether there are such mechanisms.
>
> Some years ago I got a document by IBM for the DB2
> database which pointed out the data integrity mechansims
> and it was accepted by government officials.
>
> How can I get such a document from Microsoft?
>
>
>
> >-----Original Message-----
> >Christian,
> >
> >The physical database files contain both data and
> metadata. If the bit that you change is metadata, you
> might very well end up with a corrupted database. If the
> bit that you change is data, then to some extent the
> question becomes "What is SQL Server doing at the moment
> that the bit changes?".
> >
> >For example, SQL Server could have read the data from the
> physical medium a moment before you changed the bit, and
> then be about to write back to the physical medium new
> data. In this sequence, the bit change you made is going
> to be "invisible" because the changed bit is going to be
> overwritten without being used.
> >
> >Of course, much more likely, if you change a bit, then
> the next time that SQL Server reads the bit, it's going to
> just read the changed bit, and not know that it has
> changed.
> >
> >> If there is no internal security mechanism in SQL
> server I
> >> have to implement crc or hash algorithms for any data
> >> storing in my application.
> >
> >> I need it for certification of a product which is used
> in
> >> a medical product which claims for 100% data integrity.
> >
> >I don't mean to be difficult, but even the use of crc or
> hash algorithms do not guarantee 100% data integrity. In
> fact, NOTHING guarantees 100% data integrity. It just
> ain't possible in the real world ... you can get very,
> very close to 100%, but you can never actually there. As
> an analogy ... both fingerprints and DNA is acceptable
> legal evidence at least in the USA to "uniquely" identify
> an individual. Problem there is, if you read the
> scientific literature carefully, neither fingerprints nor
> DNA are actually 100% "safe" in that regards. There is a
> very, very, very low probability of two people having the
> same fingerprints, but the probability just ain't zero.
> With DNA, the easiest counterexample are identical
> twins :-)
> >
> >-------------------------------------------
> >BP Margolin
> >Please reply only to the newsgroups.
> >When posting, inclusion of SQL (CREATE TABLE ...,
> INSERT ..., etc.) which
> >can be cut and pasted into Query Analyzer is appreciated.
> >
> >"Christian Rosenzweig"
> <Christian.Rosenzweig@medvision.de> wrote in message
> news:02d301c3185e$fc189dd0$a301280a@phx.gbl...
> >> Hallo,
> >>
> >> when I change any bit in the database (e.g. by hex
> editor)
> >> or any bit changes by physical effects like magnetism
> what
> >> happens with my SQL server? Does it recognize such
> >> manipulations? Is there a warning? Or do I get wrong
> data
> >> according to changed bits?
> >>
> >> Microsoft seems to refuse to give me a official
> statement.
> >> I need it for certification of a product which is used
> in
> >> a medical product which claims for 100% data integrity.
> >>
> >> If there is no internal security mechanism in SQL
> server I
> >> have to implement crc or hash algorithms for any data
> >> storing in my application.
> >>
> >> Thanks for any helpful answers.
> >.
> >
- Next message: BP Margolin: "Re: Limiting simultaneous user connections."
- Previous message: Jason: "How to Grant Create/Modify/Delete to *ALL* SPs"
- In reply to: Christian Rosenzweig: "Re: Data integrity"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
