0

I was thinking about a project on distribution management.

Suppose I have a central database that contains all the sales info of the products manufactured by my company. I populate this database with fresh data from the distributors on fixed regular intervals.

There are other local databases installed on the systems of the distributors. There are certain interfaces made on Java EE Platform through which they access their respective local database. Every week the distributors have to sync their databases with ours. When a distributor syncs with the database, our sales records get updated.

The distributor shouldn't show sales for a back date. But, suppose, a distributor does that by changing his system date to add a sales invoice of back date to his local database. Then he syncs his database with ours and that sale gets reflected in our database.

How can I as a programmer prevent him from doing that (provided that the interface is made by me).

UrsinusTheStrong
  • 1,239
  • 1
  • 16
  • 33
  • most of the time your database resides on a different server, and client on a different machine. Let's say you are saving each transaction time using SYSDATE function. Remeber this returns time on the server not, so even if user change time at his local machine, your server will still will work on server's time. Maybe you are testing on a setup in which server and client is on the same machine, in which case user can circumvent by changing his time, thereby server's time. But this should not be the case while in production server. – Master Chief Jun 15 '14 at 11:16
  • @MasterChief this is actually a genuine issue people are facing. How can I programmatically keep a check on the distributor. He should not be able to add an invoice on back date. He should not even be able to add an old invoice. – UrsinusTheStrong Jun 15 '14 at 11:33
  • 2
    You're synching with the distributor database every week, right? Don't accept any database records from your distributors that are more than a week old. Problem solved. – Gilbert Le Blanc Jun 15 '14 at 12:11
  • @GilbertLeBlanc like maintain a table for distributors with a field containing the last updated date-time. – UrsinusTheStrong Jun 15 '14 at 12:20
  • Yes, assuming you get updates from different distributors at different times, and around once a week for each of them. – Gilbert Le Blanc Jun 15 '14 at 12:22
  • If you "own" both the server code and the distributor's code you can use timeserver API to use 1 atom-clock-for-everyone, see http://stackoverflow.com/questions/4442192/how-to-use-an-internet-time-server-to-get-the-time – xmojmr Jul 14 '14 at 13:32

1 Answers1

5

Short answer : yes you can (and should ...) - but you should also read further

Medium answer : you should not sync by letting any value enter into your database without being controlled, but for example keep a trace of last synced data per distributor and reject any older data unless explicitely established as corrective - but you should still read further

Long answer : the answer will be technical, and as the programmer it will be your responsability. But the problem is on business layer : what do you want to prevent ? A mistake of a distributor sending again an old file, or something totally different ? An intentional attempt from a distributor to put wrong data in your base ? An external attack (from a concurrent, a script kiddy, or an abandonned girl friend ...) deliberately sending forged data to destroy your database ? And who is accountable for the incoming data ? Do you keep traces of who (and how identified) sent any data ? And what is the risk (occurence and damage) of corruption of data ? How much can you (or your company) invest in protective counter mesures ? You must be able to answer to the question what should be done, why, and what is the risk if not done before considering the how.

And if the risk of synchronizing wrong data is too high, you could even considere the possibility that your distributors directly use a web application on a unique (centralized) database.

If you have allready the answer to business level questions, and you know that you really need to protect your database against a distributor adding old sales invoice, you have two ways :

  • you receive an export of distributor data : simply check that each invoice is correct before copying it to your database
  • you receive an offline dump, or use true database synchronization methods : do not synchronize on your real database but on a copy per distributor, and put controls between that copy and your real base.

You can have one single copy if your process can ensure that only one distributor at a time can synchronize its base.

Serge Ballesta
  • 143,923
  • 11
  • 122
  • 252