|DBA Proxy and SQL and LEX email@example.com (1999-10-04)|
|Date:||4 Oct 1999 12:11:53 -0400|
|Keywords:||design, question, comment|
I'm working on a SQL pre-processor that will be used to proxy a
database administrator role to a developer. Basically, the SQL stored
in a Sybase database is, by default, owned by the user ID that created
it. The internal user called Database Owner or DBO offers the
broadest rights to a stored procedure in Sybase.
The problem is we would like developers to create stored procedures as
DBO by proxy. What this implies, however, is that a developer,
through the proxy tool (a WEBsite) could do ANY function of a DBO.
Therefore, we want to restruct the list of valid SQL verbs to a
We believe we can only do this in reverse. That is, we can say "these
are the commands you cannot perform", but you can perform anything
I'm attempting to use lex provide a lexical analysis of the stored
procedure (as a text file), then, if needed, use yacc to parse for "IS
NOT IN" grammar.
For example the commands..
grant update on <table> to public
Are Sybase command verbs that are legal for DBO, but cannot be allowed
in a stored procedure created by a developer. If they are not tested
for and rejected, a developer could do dangerous things to our
Is lex or lex/yacc the right tools to find language constructs that
CANNOT exist in a stored procedure text file ?
[If you want to do that, sure. Write a little lexer that calls an error
routine if it sees any of the forbidden naughty words. -John]
Return to the
Search the comp.compilers archives again.