Sybase NNTP forums - End Of Life (EOL)

The NNTP forums from Sybase - forums.sybase.com - are now closed.

All new questions should be directed to the appropriate forum at the SAP Community Network (SCN).

Individual products have links to the respective forums on SCN, or you can go to SCN and search for your product in the search box (upper right corner) to find your specific developer center.

Automatic update statistic

14 posts in Product Futures Discussion Last posting was on 2005-10-06 15:32:11.0Z
Stephen hui Posted on 2005-09-21 15:48:36.0Z
User-Agent: Microsoft-Entourage/11.1.0.040913
Subject: Automatic update statistic
From: Stephen hui <shuihk@netvigator.com>
Newsgroups: sybase.public.ase.product_futures_discussion
Message-ID: <BF57A192.3493%shuihk@netvigator.com>
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
NNTP-Posting-Host: n219078203208.netvigator.com
X-Original-NNTP-Posting-Host: n219078203208.netvigator.com
Date: 21 Sep 2005 08:48:36 -0700
X-Trace: forums-1-dub 1127317716 219.78.203.208 (21 Sep 2005 08:48:36 -0700)
X-Original-Trace: 21 Sep 2005 08:48:36 -0700, n219078203208.netvigator.com
Lines: 10
Path: forums-1-dub!not-for-mail
Xref: forums-1-dub sybase.public.ase.product_futures_discussion:1752
Article PK: 96701

Why don't Sybase elimate the need of running update statistics in 15.0 ?

Update statistic should be done by system internally. Just perform update
statistic when data change > 15%!


ASE 15.0 should have a configure like
Sp_configure "auto update statistic",1


Sherlock, Kevin Posted on 2005-09-21 19:09:26.0Z
From: "Sherlock, Kevin" <ksherlock@saionline.com>
Newsgroups: sybase.public.ase.product_futures_discussion
References: <BF57A192.3493%shuihk@netvigator.com>
Subject: Re: Automatic update statistic
Lines: 30
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
NNTP-Posting-Host: nic2.saionline.com
X-Original-NNTP-Posting-Host: nic2.saionline.com
Message-ID: <4331afe6$1@forums-1-dub>
Date: 21 Sep 2005 12:09:26 -0700
X-Trace: forums-1-dub 1127329766 63.163.175.14 (21 Sep 2005 12:09:26 -0700)
X-Original-Trace: 21 Sep 2005 12:09:26 -0700, nic2.saionline.com
X-Authenticated-User: teamsybase
Path: forums-1-dub!not-for-mail
Xref: forums-1-dub sybase.public.ase.product_futures_discussion:1753
Article PK: 96700

Because some of us would rather not incur the cost of running update stats while
trying to change > 15% of a table :)

Also, what _specifically_ do you mean by "data change > 15%"? And who is to say
that the cost of doing another update stats (very expensive to do in some cases)
will help performance?

Too many variables. But, even so, ASE 15 has an "auto update stats" feature
that you may want to consider looking at.


http://infocenter.sybase.com/help/topic/com.sybase.help.doc.ase_docs_15.0.whatsn
ew/html/whatsnew/whatsnew21.htm

"Stephen hui" <shuihk@netvigator.com> wrote in message
news:BF57A192.3493%shuihk@netvigator.com...
> Why don't Sybase elimate the need of running update statistics in 15.0 ?
>
> Update statistic should be done by system internally. Just perform update
> statistic when data change > 15%!
>
>
> ASE 15.0 should have a configure like
> Sp_configure "auto update statistic",1
>
>


Eric Miner Posted on 2005-09-28 19:01:23.0Z
Message-ID: <433AE80F.4000601@yahoo.com>
From: Eric Miner <eminer1254@yahoo.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.2) Gecko/20040804 Netscape/7.2 (ax)
X-Accept-Language: en-us, en
MIME-Version: 1.0
Newsgroups: sybase.public.ase.product_futures_discussion
To: Stephen hui <shuihk@netvigator.com>
Subject: Re: Automatic update statistic
References: <BF57A192.3493%shuihk@netvigator.com>
In-Reply-To: <BF57A192.3493%shuihk@netvigator.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-Original-NNTP-Posting-Host: adsl-065-012-155-236.sip.clt.bellsouth.net
X-Original-Trace: 28 Sep 2005 11:59:34 -0700, adsl-065-012-155-236.sip.clt.bellsouth.net
Lines: 26
X-Original-NNTP-Posting-Host: forums-2-dub.sybase.com
X-Original-Trace: 28 Sep 2005 11:59:35 -0700, forums-2-dub.sybase.com
NNTP-Posting-Host: forums-master.sybase.com
X-Original-NNTP-Posting-Host: forums-master.sybase.com
Date: 28 Sep 2005 12:01:23 -0700
X-Trace: forums-1-dub 1127934083 10.22.108.75 (28 Sep 2005 12:01:23 -0700)
X-Original-Trace: 28 Sep 2005 12:01:23 -0700, forums-master.sybase.com
X-Authenticated-User: ngsysop
Path: forums-1-dub!not-for-mail
Xref: forums-1-dub sybase.public.ase.product_futures_discussion:1755
Article PK: 96704

Hello,

Kevin makes a good point - update statistics does not guarantee good
performance, it only guarantees that statistics are up to date when it
finishes its run. updating stats after X% of change to the data is not
necessarily the way to insure good performance and up to date stats at
the same time.

However, in ASE 15 there is functionality that enables auto update
stats. Take a look at that. But, be careful.....things could get a bit
ugly when using it

Later
Eric Miner

Stephen hui wrote:
> Why don't Sybase elimate the need of running update statistics in 15.0 ?
>
> Update statistic should be done by system internally. Just perform update
> statistic when data change > 15%!
>
>
> ASE 15.0 should have a configure like
> Sp_configure "auto update statistic",1
>
>


Jason L. Froebe [Team Sybase] Posted on 2005-10-01 22:35:20.0Z
From: "Jason L. Froebe [Team Sybase]" <jfroebe@froebe.net>
Organization: Team Sybase
User-Agent: Mozilla Thunderbird 1.0.7 (Windows/20050923)
X-Accept-Language: en-us, en
MIME-Version: 1.0
Newsgroups: sybase.public.ase.product_futures_discussion
Subject: Re: Automatic update statistic
References: <BF57A192.3493%shuihk@netvigator.com> <433AE80F.4000601@yahoo.com>
In-Reply-To: <433AE80F.4000601@yahoo.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
NNTP-Posting-Host: dsl017-022-159.chi1.dsl.speakeasy.net
X-Original-NNTP-Posting-Host: dsl017-022-159.chi1.dsl.speakeasy.net
Message-ID: <433f0f28$1@forums-1-dub>
Date: 1 Oct 2005 15:35:20 -0700
X-Trace: forums-1-dub 1128206120 69.17.22.159 (1 Oct 2005 15:35:20 -0700)
X-Original-Trace: 1 Oct 2005 15:35:20 -0700, dsl017-022-159.chi1.dsl.speakeasy.net
Lines: 17
X-Authenticated-User: TeamSybase
Path: forums-1-dub!not-for-mail
Xref: forums-1-dub sybase.public.ase.product_futures_discussion:1756
Article PK: 96702

Indeed. Microsoft SQL Server has automatic update statistics enabled by
default. This is fine for small tables but for large tables, it can
interfere severely with production. Most MS DBAs worth their salt turn
it off in production environments.

--
Jason L. Froebe

"There is usually a balance between the left and the right... checks &
balances... the bane of the government but the boon of the people" -
Jason L. Froebe

WebBlog http://jfroebe.livejournal.com

TeamSybase (http://www.teamsybase.com)
ISUG member (http://www.isug.com)
Chicago Sybase Tools User Group (http://www.cpbug.com)


Stephen hui Posted on 2005-10-02 15:18:23.0Z
User-Agent: Microsoft-Entourage/11.2.0.050811
Subject: Re: Automatic update statistic
From: Stephen hui <shuihk@netvigator.com>
Newsgroups: sybase.public.ase.product_futures_discussion
Message-ID: <BF661AB5.37DA%shuihk@netvigator.com>
Thread-Topic: Automatic update statistic
Thread-Index: AcXHZDUDc8GJkzNXEdq/OQARJHcaxA==
References: <BF57A192.3493%shuihk@netvigator.com> <433AE80F.4000601@yahoo.com> <433f0f28$1@forums-1-dub>
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
X-Original-NNTP-Posting-Host: n220246161143.netvigator.com
X-Original-Trace: 2 Oct 2005 08:16:11 -0700, n220246161143.netvigator.com
Lines: 18
X-Original-NNTP-Posting-Host: forums-2-dub.sybase.com
X-Original-Trace: 2 Oct 2005 08:16:12 -0700, forums-2-dub.sybase.com
NNTP-Posting-Host: forums-master.sybase.com
X-Original-NNTP-Posting-Host: forums-master.sybase.com
Date: 2 Oct 2005 08:18:23 -0700
X-Trace: forums-1-dub 1128266303 10.22.108.75 (2 Oct 2005 08:18:23 -0700)
X-Original-Trace: 2 Oct 2005 08:18:23 -0700, forums-master.sybase.com
X-Authenticated-User: ngsysop
Path: forums-1-dub!forums-2-dub!not-for-mail
Xref: forums-1-dub sybase.public.ase.product_futures_discussion:1758
Article PK: 96705

My point is statisics maintenance should not be a DBA responsibilities.


I would like to see a garbage collector like process to keep statistic
up-to-date.

Same theories apply to DBCC.

On 10/2/05 6:35 AM, in article 433f0f28$1@forums-1-dub, "Jason L. Froebe

[Team Sybase]" <jfroebe@froebe.net> wrote:

> Indeed. Microsoft SQL Server has automatic update statistics enabled by
> default. This is fine for small tables but for large tables, it can
> interfere severely with production. Most MS DBAs worth their salt turn
> it off in production environments.
>
> --


Jason L. Froebe [Team Sybase] Posted on 2005-10-02 16:44:35.0Z
From: "Jason L. Froebe [Team Sybase]" <jfroebe@froebe.net>
Organization: Team Sybase
User-Agent: Mozilla Thunderbird 1.0.7 (Windows/20050923)
X-Accept-Language: en-us, en
MIME-Version: 1.0
Newsgroups: sybase.public.ase.product_futures_discussion
Subject: Re: Automatic update statistic
References: <BF57A192.3493%shuihk@netvigator.com> <433AE80F.4000601@yahoo.com> <433f0f28$1@forums-1-dub> <BF661AB5.37DA%shuihk@netvigator.com>
In-Reply-To: <BF661AB5.37DA%shuihk@netvigator.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
NNTP-Posting-Host: dsl017-022-159.chi1.dsl.speakeasy.net
X-Original-NNTP-Posting-Host: dsl017-022-159.chi1.dsl.speakeasy.net
Message-ID: <43400e73$1@forums-1-dub>
Date: 2 Oct 2005 09:44:35 -0700
X-Trace: forums-1-dub 1128271475 69.17.22.159 (2 Oct 2005 09:44:35 -0700)
X-Original-Trace: 2 Oct 2005 09:44:35 -0700, dsl017-022-159.chi1.dsl.speakeasy.net
Lines: 27
X-Authenticated-User: TeamSybase
Path: forums-1-dub!not-for-mail
Xref: forums-1-dub sybase.public.ase.product_futures_discussion:1759
Article PK: 96706


Stephen hui wrote:
> My point is statisics maintenance should not be a DBA responsibilities.
>
>
> I would like to see a garbage collector like process to keep statistic
> up-to-date.
>
> Same theories apply to DBCC.

That's a nice dream that we might actually achieve in a few years but
for now, it is not technically possible on ASE or any DBMS and still
maintain a reasonable performance during the time of maintenance.

Being a DBA is more than just doing backups and creating the odd table.

--
Jason L. Froebe

"There is usually a balance between the left and the right... checks &
balances... the bane of the government but the boon of the people" -
Jason L. Froebe

WebBlog http://jfroebe.livejournal.com

TeamSybase (http://www.teamsybase.com)
ISUG member (http://www.isug.com)
Chicago Sybase Tools User Group (http://www.cpbug.com)


Stephen hui Posted on 2005-10-03 15:35:26.0Z
User-Agent: Microsoft-Entourage/11.2.0.050811
Subject: Re: Automatic update statistic
From: Stephen hui <shuihk@netvigator.com>
Newsgroups: sybase.public.ase.product_futures_discussion
Message-ID: <BF677025.37E4%shuihk@netvigator.com>
Thread-Topic: Automatic update statistic
Thread-Index: AcXIL7g99oDP1zQiEdqnLQARJHcaxA==
References: <BF57A192.3493%shuihk@netvigator.com> <433AE80F.4000601@yahoo.com> <433f0f28$1@forums-1-dub> <BF661AB5.37DA%shuihk@netvigator.com> <43400e73$1@forums-1-dub>
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
X-Original-NNTP-Posting-Host: n219078195013.netvigator.com
X-Original-Trace: 3 Oct 2005 08:33:01 -0700, n219078195013.netvigator.com
Lines: 39
X-Original-NNTP-Posting-Host: forums-2-dub.sybase.com
X-Original-Trace: 3 Oct 2005 08:33:03 -0700, forums-2-dub.sybase.com
NNTP-Posting-Host: forums-master.sybase.com
X-Original-NNTP-Posting-Host: forums-master.sybase.com
Date: 3 Oct 2005 08:35:26 -0700
X-Trace: forums-1-dub 1128353726 10.22.108.75 (3 Oct 2005 08:35:26 -0700)
X-Original-Trace: 3 Oct 2005 08:35:26 -0700, forums-master.sybase.com
X-Authenticated-User: ngsysop
Path: forums-1-dub!forums-2-dub!not-for-mail
Xref: forums-1-dub sybase.public.ase.product_futures_discussion:1760
Article PK: 96707

I do have few recommendation on ASE-15.x

We want a complete revamp on T-SQL ...

1. T-SQL function. (long requested feature. Don't mention java function as
it 's not a T-sql )

2. Multiple trigger/ row level trigger.

3. Array like variables to store the result set.

4. better free-space threshold monitoring

5. backup on object-level (SQL backtrack..) and BCP with select option.

6. Better security design ( ie. Some installation need both sa_role and
sso_role..but in fact some bank has 2 persosn to hold 2 separate role..)




On 10/3/05 12:44 AM, in article 43400e73$1@forums-1-dub, "Jason L. Froebe

[Team Sybase]" <jfroebe@froebe.net> wrote:

> Stephen hui wrote:
>> My point is statisics maintenance should not be a DBA responsibilities.
>>
>>
>> I would like to see a garbage collector like process to keep statistic
>> up-to-date.
>>
>> Same theories apply to DBCC.
>
> That's a nice dream that we might actually achieve in a few years but
> for now, it is not technically possible on ASE or any DBMS and still
> maintain a reasonable performance during the time of maintenance.
>
> Being a DBA is more than just doing backups and creating the odd table.


Carl Kayser Posted on 2005-10-03 15:51:41.0Z
From: "Carl Kayser" <kayser_c@bls.gov>
Newsgroups: sybase.public.ase.product_futures_discussion
References: <BF57A192.3493%shuihk@netvigator.com> <433AE80F.4000601@yahoo.com> <433f0f28$1@forums-1-dub> <BF661AB5.37DA%shuihk@netvigator.com> <43400e73$1@forums-1-dub> <BF677025.37E4%shuihk@netvigator.com>
Subject: Re: Automatic update statistic
Lines: 49
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
X-RFC2646: Format=Flowed; Original
NNTP-Posting-Host: 146.142.33.192
X-Original-NNTP-Posting-Host: 146.142.33.192
Message-ID: <4341538d$1@forums-1-dub>
Date: 3 Oct 2005 08:51:41 -0700
X-Trace: forums-1-dub 1128354701 146.142.33.192 (3 Oct 2005 08:51:41 -0700)
X-Original-Trace: 3 Oct 2005 08:51:41 -0700, 146.142.33.192
X-Authenticated-User: ase1251
Path: forums-1-dub!not-for-mail
Xref: forums-1-dub sybase.public.ase.product_futures_discussion:1761
Article PK: 96708

Per TechWave, item (1) is supposed to be in 12.5.1 (2006 Q1) and item (5) in
a later release.

I'm curious as to exactly what you have in mind for item (6)? What's your
"solution" for this issue?

"Stephen hui" <shuihk@netvigator.com> wrote in message
news:BF677025.37E4%shuihk@netvigator.com...
>I do have few recommendation on ASE-15.x
>
> We want a complete revamp on T-SQL ...
>
> 1. T-SQL function. (long requested feature. Don't mention java function as
> it 's not a T-sql )
>
> 2. Multiple trigger/ row level trigger.
>
> 3. Array like variables to store the result set.
>
> 4. better free-space threshold monitoring
>
> 5. backup on object-level (SQL backtrack..) and BCP with select option.
>
> 6. Better security design ( ie. Some installation need both sa_role and
> sso_role..but in fact some bank has 2 persosn to hold 2 separate role..)
>
>
>
>
> On 10/3/05 12:44 AM, in article 43400e73$1@forums-1-dub, "Jason L. Froebe
> [Team Sybase]" <jfroebe@froebe.net> wrote:
>
>> Stephen hui wrote:
>>> My point is statisics maintenance should not be a DBA responsibilities.
>>>
>>>
>>> I would like to see a garbage collector like process to keep statistic
>>> up-to-date.
>>>
>>> Same theories apply to DBCC.
>>
>> That's a nice dream that we might actually achieve in a few years but
>> for now, it is not technically possible on ASE or any DBMS and still
>> maintain a reasonable performance during the time of maintenance.
>>
>> Being a DBA is more than just doing backups and creating the odd table.
>


Frank Hamersley Posted on 2005-10-04 02:23:24.0Z
From: Frank Hamersley <terabitemightbe@bigpond.com>
User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)
X-Accept-Language: en-us, en
MIME-Version: 1.0
Newsgroups: sybase.public.ase.product_futures_discussion
Subject: Re: Automatic update statistic
References: <BF57A192.3493%shuihk@netvigator.com> <433AE80F.4000601@yahoo.com> <433f0f28$1@forums-1-dub> <BF661AB5.37DA%shuihk@netvigator.com> <43400e73$1@forums-1-dub> <BF677025.37E4%shuihk@netvigator.com> <4341538d$1@forums-1-dub>
In-Reply-To: <4341538d$1@forums-1-dub>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
NNTP-Posting-Host: ess-p-144-138-7-132.mega.tmns.net.au
X-Original-NNTP-Posting-Host: ess-p-144-138-7-132.mega.tmns.net.au
Message-ID: <4341e79c@forums-1-dub>
Date: 3 Oct 2005 19:23:24 -0700
X-Trace: forums-1-dub 1128392604 144.138.7.132 (3 Oct 2005 19:23:24 -0700)
X-Original-Trace: 3 Oct 2005 19:23:24 -0700, ess-p-144-138-7-132.mega.tmns.net.au
Lines: 34
Path: forums-1-dub!not-for-mail
Xref: forums-1-dub sybase.public.ase.product_futures_discussion:1762
Article PK: 96709


Carl Kayser wrote:
> Per TechWave, item (1) is supposed to be in 12.5.1 (2006 Q1) and item (5) in
> a later release.
>
> I'm curious as to exactly what you have in mind for item (6)? What's your
> "solution" for this issue?
>
> "Stephen hui" <shuihk@netvigator.com> wrote in message
> news:BF677025.37E4%shuihk@netvigator.com...

[..]

>>6. Better security design ( ie. Some installation need both sa_role and
>>sso_role..but in fact some bank has 2 persosn to hold 2 separate role..)

I suspect he is referring to a "four eyes" security policy where it
would normally require (a conspiracy of at least) 2 people to commit a
fraud by way of phreaking the system.

It is not uncommon in financial systems for ppl with authority to manage
security settings being prohibited from amending any system data. This
constraint is currently compromised by the sa (and to some extent dbo)
users having/needing universal rights on a server to keep it "healthy".

This could either take the form of soliciting a second password from
another person at the time of need (not ideal if key logger was in use)
or perhaps a work flow style feature where confirmation of the first
password is latched (perhaps only for a limited time) until the
confirmation password is entered from another client system. Only then
would ASE proceed to enact the command. Bulk changes by way of scripts
(eg during system upgrades) would present a challenge but I am sure it
could be solved.

Cheers, Frank.


Carl Kayser Posted on 2005-10-04 18:17:37.0Z
From: "Carl Kayser" <kayser_c@bls.gov>
Newsgroups: sybase.public.ase.product_futures_discussion
References: <BF57A192.3493%shuihk@netvigator.com> <433AE80F.4000601@yahoo.com> <433f0f28$1@forums-1-dub> <BF661AB5.37DA%shuihk@netvigator.com> <43400e73$1@forums-1-dub> <BF677025.37E4%shuihk@netvigator.com> <4341538d$1@forums-1-dub> <4341e79c@forums-1-dub>
Subject: Re: Automatic update statistic
Lines: 61
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
X-RFC2646: Format=Flowed; Response
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
NNTP-Posting-Host: 146.142.33.192
X-Original-NNTP-Posting-Host: 146.142.33.192
Message-ID: <4342c741@forums-1-dub>
Date: 4 Oct 2005 11:17:37 -0700
X-Trace: forums-1-dub 1128449857 146.142.33.192 (4 Oct 2005 11:17:37 -0700)
X-Original-Trace: 4 Oct 2005 11:17:37 -0700, 146.142.33.192
X-Authenticated-User: ase1251
Path: forums-1-dub!not-for-mail
Xref: forums-1-dub sybase.public.ase.product_futures_discussion:1763
Article PK: 96710

Bottom post.

"Frank Hamersley" <terabitemightbe@bigpond.com> wrote in message
news:4341e79c@forums-1-dub...
> Carl Kayser wrote:
>> Per TechWave, item (1) is supposed to be in 12.5.1 (2006 Q1) and item (5)
>> in a later release.
>>
>> I'm curious as to exactly what you have in mind for item (6)? What's
>> your "solution" for this issue?
>>
>> "Stephen hui" <shuihk@netvigator.com> wrote in message
>> news:BF677025.37E4%shuihk@netvigator.com...
>
> [..]
>
>>>6. Better security design ( ie. Some installation need both sa_role and
>>>sso_role..but in fact some bank has 2 persosn to hold 2 separate role..)
>
> I suspect he is referring to a "four eyes" security policy where it would
> normally require (a conspiracy of at least) 2 people to commit a fraud by
> way of phreaking the system.
>
> It is not uncommon in financial systems for ppl with authority to manage
> security settings being prohibited from amending any system data. This
> constraint is currently compromised by the sa (and to some extent dbo)
> users having/needing universal rights on a server to keep it "healthy".
>
> This could either take the form of soliciting a second password from
> another person at the time of need (not ideal if key logger was in use) or
> perhaps a work flow style feature where confirmation of the first password
> is latched (perhaps only for a limited time) until the confirmation
> password is entered from another client system. Only then would ASE
> proceed to enact the command. Bulk changes by way of scripts (eg during
> system upgrades) would present a challenge but I am sure it could be
> solved.
>
> Cheers, Frank.

Thank you, Frank.

I'll put my ignorance on the line. I've become more interested and involved
with security aspects (and have learned more). But there is still a lot
that I don't understand with regards to the big picture.

AFAIK Sybase provides both the SA and SSO roles. And separation can be
enforced via mutual exclusivity. An SSO can set auditing so that most
activites by an SA are logged, including the SA "covering his tracks". With
Oracle (DB2? MS SQL Server?) the separation is between the SA and the OS
admin. Am I correct so far?

In which case, I would think that searching flat files (versus tables) would
be relatively inefficient. It's one thing to store gobs of info and another
to be able to examine it. What good is the former without the latter? On
second thought, I think that there are auditors that only check the first!

Are there any "four eyes" methods currently available from any RDBMS vendor?
I imagine that another approach would be to require two SAs being logged in
for certain activities, as with Solaris Trusted Server (?).


Frank Hamersley Posted on 2005-10-05 14:46:18.0Z
From: Frank Hamersley <terabitemightbe@bigpond.com>
User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)
X-Accept-Language: en-us, en
MIME-Version: 1.0
Newsgroups: sybase.public.ase.product_futures_discussion
Subject: Re: Automatic update statistic
References: <BF57A192.3493%shuihk@netvigator.com> <433AE80F.4000601@yahoo.com> <433f0f28$1@forums-1-dub> <BF661AB5.37DA%shuihk@netvigator.com> <43400e73$1@forums-1-dub> <BF677025.37E4%shuihk@netvigator.com> <4341538d$1@forums-1-dub> <4341e79c@forums-1-dub> <4342c741@forums-1-dub>
In-Reply-To: <4342c741@forums-1-dub>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
NNTP-Posting-Host: cpe-147-10-200-142.nsw.bigpond.net.au
X-Original-NNTP-Posting-Host: cpe-147-10-200-142.nsw.bigpond.net.au
Message-ID: <4343e73a@forums-1-dub>
Date: 5 Oct 2005 07:46:18 -0700
X-Trace: forums-1-dub 1128523578 147.10.200.142 (5 Oct 2005 07:46:18 -0700)
X-Original-Trace: 5 Oct 2005 07:46:18 -0700, cpe-147-10-200-142.nsw.bigpond.net.au
Lines: 67
Path: forums-1-dub!not-for-mail
Xref: forums-1-dub sybase.public.ase.product_futures_discussion:1764
Article PK: 96712


Carl Kayser wrote:
> "Frank Hamersley" <terabitemightbe@bigpond.com> wrote in message
>>Carl Kayser wrote:
>>>"Stephen hui" <shuihk@netvigator.com> wrote in message
>>>news:BF677025.37E4%shuihk@netvigator.com...
[..]
>>>>6. Better security design ( ie. Some installation need both sa_role and
>>>>sso_role..but in fact some bank has 2 persosn to hold 2 separate role..)
>>
>>I suspect he is referring to a "four eyes" security policy where it would
>>normally require (a conspiracy of at least) 2 people to commit a fraud by
>>way of phreaking the system.
>>
>>It is not uncommon in financial systems for ppl with authority to manage
>>security settings being prohibited from amending any system data. This
>>constraint is currently compromised by the sa (and to some extent dbo)
>>users having/needing universal rights on a server to keep it "healthy".
>>
>>This could either take the form of soliciting a second password from
>>another person at the time of need (not ideal if key logger was in use) or
>>perhaps a work flow style feature where confirmation of the first password
>>is latched (perhaps only for a limited time) until the confirmation
>>password is entered from another client system. Only then would ASE
>>proceed to enact the command. Bulk changes by way of scripts (eg during
>>system upgrades) would present a challenge but I am sure it could be
>>solved.
>>
>>Cheers, Frank.
>
> Thank you, Frank.
>
> I'll put my ignorance on the line. I've become more interested and involved
> with security aspects (and have learned more). But there is still a lot
> that I don't understand with regards to the big picture.
>
> AFAIK Sybase provides both the SA and SSO roles. And separation can be
> enforced via mutual exclusivity. An SSO can set auditing so that most
> activites by an SA are logged, including the SA "covering his tracks". With
> Oracle (DB2? MS SQL Server?) the separation is between the SA and the OS
> admin. Am I correct so far?

Yes this is perhaps the first degree of control - auditability - and the
ASE sa/sso tango can certainly be deployed to ensure the contents of the
audit trail are secure from tampering.

However in financial markets with increasing volumes of high value
transactions (say > USD100MIO) and STP systems it has become an
imperative to interdict any possibility that a DBA could trigger an
unauthorised outwards payment even if they knew it was going to be
detected later - and after they relocated themselves to another
jurisdiction.

> In which case, I would think that searching flat files (versus tables) would
> be relatively inefficient. It's one thing to store gobs of info and another
> to be able to examine it. What good is the former without the latter? On
> second thought, I think that there are auditors that only check the first!
>
> Are there any "four eyes" methods currently available from any RDBMS vendor?
> I imagine that another approach would be to require two SAs being logged in
> for certain activities, as with Solaris Trusted Server (?).

Not that I am aware of, although I am by no means fully informed of all
the finer points offered in the market today. However given Sybases oft
repeated claims about its Wall St market share perhaps it should be
making the running and not finessing the competition!

Cheers, Frank.


Carl Kayser Posted on 2005-10-05 15:08:06.0Z
From: "Carl Kayser" <kayser_c@bls.gov>
Newsgroups: sybase.public.ase.product_futures_discussion
References: <BF57A192.3493%shuihk@netvigator.com> <433AE80F.4000601@yahoo.com> <433f0f28$1@forums-1-dub> <BF661AB5.37DA%shuihk@netvigator.com> <43400e73$1@forums-1-dub> <BF677025.37E4%shuihk@netvigator.com> <4341538d$1@forums-1-dub> <4341e79c@forums-1-dub> <4342c741@forums-1-dub> <4343e73a@forums-1-dub>
Subject: Re: Automatic update statistic
Lines: 52
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
X-RFC2646: Format=Flowed; Response
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
NNTP-Posting-Host: 146.142.33.192
X-Original-NNTP-Posting-Host: 146.142.33.192
Message-ID: <4343ec56$1@forums-1-dub>
Date: 5 Oct 2005 08:08:06 -0700
X-Trace: forums-1-dub 1128524886 146.142.33.192 (5 Oct 2005 08:08:06 -0700)
X-Original-Trace: 5 Oct 2005 08:08:06 -0700, 146.142.33.192
X-Authenticated-User: ase1251
Path: forums-1-dub!not-for-mail
Xref: forums-1-dub sybase.public.ase.product_futures_discussion:1765
Article PK: 96711

"Frank Hamersley" <terabitemightbe@bigpond.com> wrote in message
news:4343e73a@forums-1-dub...

(BIG SNIP)

>>
>> AFAIK Sybase provides both the SA and SSO roles. And separation can be
>> enforced via mutual exclusivity. An SSO can set auditing so that most
>> activites by an SA are logged, including the SA "covering his tracks".
>> With Oracle (DB2? MS SQL Server?) the separation is between the SA and
>> the OS admin. Am I correct so far?
>
> Yes this is perhaps the first degree of control - auditability - and the
> ASE sa/sso tango can certainly be deployed to ensure the contents of the
> audit trail are secure from tampering.
>
> However in financial markets with increasing volumes of high value
> transactions (say > USD100MIO) and STP systems it has become an imperative
> to interdict any possibility that a DBA could trigger an unauthorised
> outwards payment even if they knew it was going to be detected later - and
> after they relocated themselves to another jurisdiction.

OK, a very good point.

>
>> In which case, I would think that searching flat files (versus tables)
>> would be relatively inefficient. It's one thing to store gobs of info
>> and another to be able to examine it. What good is the former without
>> the latter? On second thought, I think that there are auditors that only
>> check the first!
>>
>> Are there any "four eyes" methods currently available from any RDBMS
>> vendor? I imagine that another approach would be to require two SAs being
>> logged in for certain activities, as with Solaris Trusted Server (?).
>
> Not that I am aware of, although I am by no means fully informed of all
> the finer points offered in the market today. However given Sybases oft
> repeated claims about its Wall St market share perhaps it should be making
> the running and not finessing the competition!

Yes, Sybase should be trying to stay ahead of the curve of the competition
whenever it can. There is too much "catching up" in the releases of the
past few years. It's important to establish (and keep) a mind set of being
ahead in some niches.

>
> Cheers, Frank.

Thanks for the info.


Frank Hamersley Posted on 2005-10-06 00:46:12.0Z
From: Frank Hamersley <terabitemightbe@bigpond.com>
User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)
X-Accept-Language: en-us, en
MIME-Version: 1.0
Newsgroups: sybase.public.ase.product_futures_discussion
Subject: Re: Automatic update statistic
References: <BF57A192.3493%shuihk@netvigator.com> <433AE80F.4000601@yahoo.com> <433f0f28$1@forums-1-dub> <BF661AB5.37DA%shuihk@netvigator.com> <43400e73$1@forums-1-dub> <BF677025.37E4%shuihk@netvigator.com> <4341538d$1@forums-1-dub> <4341e79c@forums-1-dub> <4342c741@forums-1-dub> <4343e73a@forums-1-dub> <4343ec56$1@forums-1-dub>
In-Reply-To: <4343ec56$1@forums-1-dub>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Original-NNTP-Posting-Host: ess-p-144-138-7-231.mega.tmns.net.au
Message-ID: <4344733b$1@forums-2-dub>
X-Original-Trace: 5 Oct 2005 17:43:39 -0700, ess-p-144-138-7-231.mega.tmns.net.au
Lines: 25
X-Original-NNTP-Posting-Host: forums-2-dub.sybase.com
X-Original-Trace: 5 Oct 2005 17:43:42 -0700, forums-2-dub.sybase.com
NNTP-Posting-Host: forums-master.sybase.com
X-Original-NNTP-Posting-Host: forums-master.sybase.com
Date: 5 Oct 2005 17:46:12 -0700
X-Trace: forums-1-dub 1128559572 10.22.108.75 (5 Oct 2005 17:46:12 -0700)
X-Original-Trace: 5 Oct 2005 17:46:12 -0700, forums-master.sybase.com
X-Authenticated-User: ngsysop
Path: forums-1-dub!forums-2-dub!not-for-mail
Xref: forums-1-dub sybase.public.ase.product_futures_discussion:1766
Article PK: 96713


Carl Kayser wrote:
> "Frank Hamersley" <terabitemightbe@bigpond.com> wrote in message
[..]
>>Yes this is perhaps the first degree of control - auditability - and the
>>ASE sa/sso tango can certainly be deployed to ensure the contents of the
>>audit trail are secure from tampering.
>>
>>However in financial markets with increasing volumes of high value
>>transactions (say > USD100MIO) and STP systems it has become an imperative
>>to interdict any possibility that a DBA could trigger an unauthorised
>>outwards payment even if they knew it was going to be detected later - and
>>after they relocated themselves to another jurisdiction.
>
> OK, a very good point.

Just to labour perhaps one element in support of a serious review on
this issue.

The advent and inexorable rise of STP (Straight Through Processing)
postdates I suspect the design of most DBMS security models. However
today the risk is greatly increased in that injection of a fraudulant
transaction could slip past the clerks that in the past would have stood
a chance of smelling a rat when a strange payment landed on their desk.

Cheers, Frank.


Stephen hui Posted on 2005-10-06 15:32:11.0Z
User-Agent: Microsoft-Entourage/11.2.0.050811
Subject: Re: Automatic update statistic
From: Stephen hui <shuihk@netvigator.com>
Newsgroups: sybase.public.ase.product_futures_discussion
Message-ID: <BF6B63C9.3864%shuihk@netvigator.com>
Thread-Topic: Automatic update statistic
Thread-Index: AcXKirRZ8wLRljZ9EdqdmgARJHcaxA==
References: <BF57A192.3493%shuihk@netvigator.com> <433AE80F.4000601@yahoo.com> <433f0f28$1@forums-1-dub> <BF661AB5.37DA%shuihk@netvigator.com> <43400e73$1@forums-1-dub> <BF677025.37E4%shuihk@netvigator.com> <4341538d$1@forums-1-dub>
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
X-Original-NNTP-Posting-Host: n219078197201.netvigator.com
X-Original-Trace: 6 Oct 2005 08:29:32 -0700, n219078197201.netvigator.com
Lines: 68
X-Original-NNTP-Posting-Host: forums-2-dub.sybase.com
X-Original-Trace: 6 Oct 2005 08:29:34 -0700, forums-2-dub.sybase.com
NNTP-Posting-Host: forums-master.sybase.com
X-Original-NNTP-Posting-Host: forums-master.sybase.com
Date: 6 Oct 2005 08:32:11 -0700
X-Trace: forums-1-dub 1128612731 10.22.108.75 (6 Oct 2005 08:32:11 -0700)
X-Original-Trace: 6 Oct 2005 08:32:11 -0700, forums-master.sybase.com
X-Authenticated-User: ngsysop
Path: forums-1-dub!forums-2-dub!not-for-mail
Xref: forums-1-dub sybase.public.ase.product_futures_discussion:1767
Article PK: 96714

For example, when u add a db on to rep srv thru rs_init, u have to use "sa"
(sa+sso) role. However,in our env, the "sa" is locked.

There is a lack of password history , strong password verification (ie.
Password=userid ) and user last login time feature in ASE. ASE only offer
non-industry standard/weak encryption (56bit password encryption) on network
transmittion (unless u use SSL which cost u $$ and peformance impact).
Sp_password show a clear text in audit trail ....


Consider data security is top priority in financial firm nowsday, Sybase
need to work harder in this area.



On 10/3/05 11:51 PM, in article 4341538d$1@forums-1-dub, "Carl Kayser"

<kayser_c@bls.gov> wrote:

> Per TechWave, item (1) is supposed to be in 12.5.1 (2006 Q1) and item (5) in
> a later release.
>
> I'm curious as to exactly what you have in mind for item (6)? What's your
> "solution" for this issue?
>
> "Stephen hui" <shuihk@netvigator.com> wrote in message
> news:BF677025.37E4%shuihk@netvigator.com...
>> I do have few recommendation on ASE-15.x
>>
>> We want a complete revamp on T-SQL ...
>>
>> 1. T-SQL function. (long requested feature. Don't mention java function as
>> it 's not a T-sql )
>>
>> 2. Multiple trigger/ row level trigger.
>>
>> 3. Array like variables to store the result set.
>>
>> 4. better free-space threshold monitoring
>>
>> 5. backup on object-level (SQL backtrack..) and BCP with select option.
>>
>> 6. Better security design ( ie. Some installation need both sa_role and
>> sso_role..but in fact some bank has 2 persosn to hold 2 separate role..)
>>
>>
>>
>>
>> On 10/3/05 12:44 AM, in article 43400e73$1@forums-1-dub, "Jason L. Froebe
>> [Team Sybase]" <jfroebe@froebe.net> wrote:
>>
>>> Stephen hui wrote:
>>>> My point is statisics maintenance should not be a DBA responsibilities.
>>>>
>>>>
>>>> I would like to see a garbage collector like process to keep statistic
>>>> up-to-date.
>>>>
>>>> Same theories apply to DBCC.
>>>
>>> That's a nice dream that we might actually achieve in a few years but
>>> for now, it is not technically possible on ASE or any DBMS and still
>>> maintain a reasonable performance during the time of maintenance.
>>>
>>> Being a DBA is more than just doing backups and creating the odd table.
>>
>
>