Re: From blackbox to grey-box during Web App tests

["C Q" <kyle.c.quest () gmail com>]

Other reasons why they are not used:
4. A huge pain to debug
5. Not portable (this might be a big deal if you need to support multiple
databases in which case it'll mean having the multiple versions of the same
procedures for every database that needs to be supported).
6. Some developers simply don't want to add another layer and another
language in the mix (because their projects are complex enough without the
extra stored procedure headaches).


>         Why don't more people just use Parameterized Stored
> Proceedures?  Is it
> > because there are implimentation issues or because people don't know
> > about them? Whats your opinion?
>
> I wonder that too. Also, why don't people just not write integer
> overflows?
>
> With the snark bit cleared, I'll point out: lots of projects use
> stored procedures, but have some patches of functionality (like query
> builders) that are easiest to write with raw SQL.
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave