Integrity Constraints and business value by Eduardo Bellani

Again with this database business? Let me try to motivate you dear reader before I start again with a illustrative case: SQL Injections!

Ok, and how these are related to databases, and more specifically constraints? And what are these constraints?

Constraints are informal business rules (BR) expressed in natural language that constrain the values of the shared properties of entity members of a class.

Integrity constraints are the formalized versions of the constraints as first order predicates that represent them in the database, expressed in a specific data language and enforced by the DBMS in the database for all applications, with potential reduction in application development and maintenance estimated at as high as 80%.

Integrity independence (II)—DBMS-enforced integrity in the database—was a major objective and is an advantage of database management in general and relational database management in particular (and is enshrined as one of the famous 12 Codd rules). It is much superior to application-enforced integrity— a redundant, unreliable and prone to error development and maintenance burden— which was readily subvertible. (Pascal 2016)

Ok, say I got your attention about SQL Injections and you have some clarity on what I mean by constraints. How do I connect these 2 topics?

Here is how: if developers were aware that you could encode your authentication/authorization rules at the DBMS level as integrity constraints, SQL injections would be impossible!

… why do it?


Developer productivity:

Consider the double effect of properly encoding this integrity constraint (data access) where it belongs (with the system managing the data):

  1. You avoid an entire class of common and expensive problems
  2. Because of that, your developers can work on your actual product instead of solving this non issue over and over again.
Figure 1: Santa Maria del Mar destroyed by communist arson, circa 1936

Figure 1: Santa Maria del Mar destroyed by communist arson, circa 1936


CyberSecura, Consultant. 2021. “Sql Injection : Why Is This Attack Still Possible in 2021?”
Group, NTT. 2014. “Global Threat Intelligence Report.” NTT Innovation Institute.
Pascal, Fabian. 2016. The Dbdebunk Guide to Misconceptions About Data Fundamentals. DATABASE DEBUNKINGS.
Swart, Bennie. 2019. “Row Level Security.” Postgres Conference. Postgres Conference US.