skinapi posted on 2006-4-7 18:23:47

Key Considerations for Database Testing (Part 1)

Link:
http://www.logigear.com/newsletter/key_considerations_for_database_testing-1.asp

Jesse Watkins-Gibbs, Project Manager, LogiGear Corporation

Most multi-user applications today use some form of persistence, and more often than not, that persistence is done using a relational database management system (RDBMS), such as Oracle, SQL Server, MySQL, or DB2. This article will discuss some quick and easy ways that a tester can start to perform 'grey box' or 'white box' testing against the databases in their application, which will allow them to more easily uncover problems with the database.

Functionality of the database is one of the most critical aspects of your application's quality; problems with the database could lead to data loss or security breaches, and may put your company at legal risk depending on the type of data you are storing.

Considering how important the database is to the success of applications, it is surprising how little attention is focused on database testing. In my experience, the biggest barrier is that most testers simply don't have time to directly test the database, so they end up focusing their testing efforts on testing via the GUI.

Part 1 of this article will introduce the concepts of referential integrity and security, and discuss some tools and techniques for testing them. Part 2 of the article will address additional topics.

Referential Integrity:

As the name implies, relational databases store data as well as information about the relationships between various data. Data records will often contain references to other data records in other tables. Maintaining integrity of these relationships is critical; if relationships between data become broken, the function of your application could be compromised.

Database developers use a number of different tools to provide referential integrity including constraints (rules within the database which require references to be maintained), triggers (processes which are 'triggered' by changes to specific data) and application code (logic contained in the application which describes how to manipulate the data).

Depending on which methods your database developers have used, the database will be vulnerable to different sorts of referential integrity issues. Constraints are the most effective way to maintain integrity, since the RDBMS will prevent anyone from making changes that will break integrity. Maintaining referential integrity via application code is the most risky (but also most flexible) approach, since you are relying on the programmers' code to make every modification correctly.

As a tester, the first thing to do is find out how referential integrity is being maintained in your database. One of the best ways to do this is via a schema, which is a visual diagram of all the tables in the database. You can ask your database administrator (DBA) or the development team for a schema, or you can create one yourself via tools like Visio.

The tools used by the developers and/or DBA to create the database will also show you any constraints and triggers used in the database, and are usually pretty easy to set up.

Once you know how integrity is being maintained, you can then begin to analyze how it could be broken, and what the risks are in your application. For instance, if your application relies on the application code to maintain integrity, then you will want to make sure that every piece of code that modifies the data is thoroughly tested and doesn't introduce data integrity issues. If the application relies on triggers, then you will want to have tests which cause every trigger to be fired, and make sure that the data is being modified correctly by the triggers.

Security:

There are a number of ways that security of the database is maintained. The most common ways are via usernames and passwords, or via integration with a directory such as LDAP. Some of the key questions to consider are:

1. Does each user of the application have a separate password to the database, or is there a shared database account for all users of the application?
2. How much permission do the database accounts used by the users have within the database (read-only, read/write, administrative privileges)?
3. What interface is used to manage the accounts used to access the database? What other ways are there to access the database using the same login information as the application?

In practice, many applications require that each user has a different account at the application-level, but there is a single account shared by all users to access the database. As a tester, it's important to understand how the database is being accessed, with what level of permission, and to make sure that all stakeholders are aware of the risks being introduced via the chosen methods.

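The article's three integrity mechanisms (constraints, triggers, application code) can be probed directly instead of only through the GUI. This added example, which is not part of the article or LogiGear's material, uses Python's sqlite3 on three constructed customers/orders schemas and records whether the database itself rejects an orphan insert and the deletion of a referenced parent; the schema, table names and probe statements are illustrative assumptions.

```python
import sqlite3

# Constructed demo schemas (not from the article): orders.customer_id refers to
# customers.id, protected by each of the three mechanisms the article names.
SCHEMA_CONSTRAINT = """
CREATE TABLE customers(id INTEGER PRIMARY KEY, name TEXT);
CREATE TABLE orders(id INTEGER PRIMARY KEY,
    customer_id INTEGER NOT NULL REFERENCES customers(id));
"""
SCHEMA_TRIGGER = """
CREATE TABLE customers(id INTEGER PRIMARY KEY, name TEXT);
CREATE TABLE orders(id INTEGER PRIMARY KEY, customer_id INTEGER NOT NULL);
CREATE TRIGGER orders_parent_exists BEFORE INSERT ON orders
    WHEN (SELECT id FROM customers WHERE id = NEW.customer_id) IS NULL
    BEGIN SELECT RAISE(ABORT, 'orphan order'); END;
"""
SCHEMA_APP_CODE = """
CREATE TABLE customers(id INTEGER PRIMARY KEY, name TEXT);
CREATE TABLE orders(id INTEGER PRIMARY KEY, customer_id INTEGER NOT NULL);
"""

# Statements a tester would try; each breaks the relationship if accepted.
PROBES = {
    "orphan_insert": "INSERT INTO orders(customer_id) VALUES (999)",
    "delete_referenced_parent": "DELETE FROM customers WHERE id = 1",
}


def probe_integrity(schema_sql):
    """Return {probe_name: True if the RDBMS itself rejected the statement}."""
    con = sqlite3.connect(":memory:")
    con.execute("PRAGMA foreign_keys = ON")  # SQLite ignores REFERENCES unless enabled
    con.executescript(schema_sql)
    con.execute("INSERT INTO customers VALUES (1, 'alice')")
    con.execute("INSERT INTO orders(customer_id) VALUES (1)")  # one valid reference
    con.commit()
    results = {}
    for name, stmt in PROBES.items():
        try:
            con.execute(stmt)
            results[name] = False  # accepted: integrity now rests on application code
        except sqlite3.IntegrityError:
            results[name] = True   # a constraint or RAISE(ABORT) in a trigger fired
        con.rollback()  # restore the seed rows before the next probe
    con.close()
    return results


if __name__ == "__main__":
    for label, schema in [("constraint", SCHEMA_CONSTRAINT),
                          ("trigger", SCHEMA_TRIGGER),
                          ("app code", SCHEMA_APP_CODE)]:
        print(f"{label:>10}: {probe_integrity(schema)}")
```

The trigger-only schema accepts the parent delete because no trigger covers DELETE, which is the gap the article's advice to fire every trigger under test is meant to expose.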

983221wy posted on 2006-4-7 21:17:20

Thanks!!!

brilliantking posted on 2006-4-8 15:07:18

Please review my draft, everyone.

Key Considerations for Database Testing (Part 1)
Several Key Points in Database Testing (Part 1)

Jesse Watkins-Gibbs, Project Manager, LogiGear Corporation

Most multi-user applications today use some form of persistence, and more often than not, that persistence is done using a relational database management system (RDBMS), such as Oracle, SQL Server, MySQL, or DB2. This article will discuss some quick and easy ways that a tester can start to perform 'grey box' or 'white box' testing against the databases in their application, which will allow them to more easily uncover problems with the database.

Today most multi-user systems use some form of state-persistence technique, and in most cases this technique is implemented with a relational database management system such as Oracle, SQL Server, MySQL or DB2. This article discusses some quick and convenient methods with which software testers can perform grey-box or white-box testing of the database in their application; these methods allow testers to find database-related defects more easily.

Functionality of the database is one of the most critical aspects of your application's quality; problems with the database could lead to data loss or security breaches, and may put your company at legal risk depending on the type of data you are storing.

The quality of the database's functionality is one of the many key aspects of application quality; once the database has problems, it can lead to data loss or compromised security, and, depending on the type of data stored in the database, may even expose your company to legal risk.

Considering how important the database is to the success of applications, it is surprising how little attention is focused on database testing. In my experience, the biggest barrier is that most testers simply don't have time to directly test the database, so they end up focusing their testing efforts on testing via the GUI.

When we consider how important the database is to the success or failure of an application, we are surprised at how little attention people pay to database testing. In my experience, the biggest difficulty in database testing is that most testers simply have no time to test the database itself directly, so their work is concentrated solely on testing (the database) through the graphical user interface.

Part 1 of this article will introduce the concepts of referential integrity and security, and discuss some tools and techniques for testing them. Part 2 of the article will address additional topics.

Part 1 of this article introduces the two concepts of referential integrity and database security, and discusses some tools and techniques for testing them. Part 2 discusses additional topics.

Referential Integrity:

Referential Integrity

As the name implies, relational databases store data as well as information about the relationships between various data. Data records will often contain references to other data records in other tables. Maintaining integrity of these relationships is critical; if relationships between data become broken, the function of your application could be compromised.

As the name implies, a relational database stores, along with the data, information about the relationships among the various data. Data records in one table often contain references to other data records in other tables. Maintaining the integrity of the relationships between data is essential; once relationships between data are broken, the normal functioning of the application is very likely to be jeopardized.

Database developers use a number of different tools to provide referential integrity including constraints (rules within the database which require references to be maintained), triggers (processes which are 'triggered' by changes to specific data) and application code (logic contained in the application which describes how to manipulate the data).

Database developers use a variety of different means to provide referential integrity, including constraints (rules inside the database whose purpose is to maintain references), triggers (procedures that are 'triggered' by changes to particular data), and application code (logic statements inside the program that describe how to manipulate the data).

Depending on which methods your database developers have used, the database will be vulnerable to different sorts of referential integrity issues. Constraints are the most effective way to maintain integrity, since the RDBMS will prevent anyone from making changes that will break integrity. Maintaining referential integrity via application code is the most risky (but also most flexible) approach, since you are relying on the programmers' code to make every modification correctly.

Depending on the means the database developers have used, the application's database will be exposed to referential integrity problems of differing degrees. Constraints are the most effective way to maintain database integrity, because the relational database management system (RDBMS) can block any modification that would break integrity. Maintaining referential integrity by writing application code is the most dangerous (but also the most flexible) method, because every modification you want to make to the database depends on the programmers' code.

As a tester, the first thing to do is find out how referential integrity is being maintained in your database. One of the best ways to do this is via a schema, which is a visual diagram of all the tables in the database. You can ask your database administrator (DBA) or the development team for a schema, or you can create one yourself via tools like Visio.

As a tester, the first thing you must do is determine by what means the referential integrity of the database you are testing is maintained. A good approach is to check using a schema tool; a schema is a visual field diagram of all the tables in the database. You can ask the database administrator (DBA) or the schema development team to provide one for you, or you can make a schema yourself with a tool like Visio.

The tools used by the developers and/or DBA to create the database will also show you any constraints and triggers used in the database, and are usually pretty easy to set up.

The tools the developers and/or DBA used to create the database can likewise show you the constraints and triggers used in the database, and these tools are usually quite easy to install.

Once you know how integrity is being maintained, you can then begin to analyze how it could be broken, and what the risks are in your application. For instance, if your application relies on the application code to maintain integrity, then you will want to make sure that every piece of code that modifies the data is thoroughly tested and doesn't introduce data integrity issues. If the application relies on triggers, then you will want to have tests which cause every trigger to be fired, and make sure that the data is being modified correctly by the triggers.

Once you have worked out how the database's referential integrity is maintained, you can begin analysing how that integrity might be broken and what risks of breaking it exist in the application. For example, if the application relies on code to maintain integrity, you must thoroughly test every piece of code that performs data-modifying operations and ensure that the code does not cause database integrity problems. If it relies on triggers, you must run tests that cause every trigger to fire, and ensure that the modifications made to the data through the triggers are correct.

Security:

Database Security

There are a number of ways that security of the database is maintained. The most common ways are via usernames and passwords, or via integration with a directory such as LDAP. Some of the key questions to consider are:

There are many ways to maintain the security of a database. The most common are using usernames and passwords, or integrating with a directory, for example LDAP. Some of the main questions to consider here are:

1. Does each user of the application have a separate password to the database, or is there a shared database account for all users of the application?

1. Does every user of the application have a separate database login password? Or do all users of the application share one common database account?

2. How much permission do the database accounts used by the users have within the database (read-only, read/write, administrative privileges)?

2. How much permission to operate on the database do the database accounts used by users have (read-only, read/write, administrative privileges)?

3. What interface is used to manage the accounts used to access the database? What other ways are there to access the database using the same login information as the application?

3. What interface is used to manage the accounts that access the database? What other ways are there to access the database using the same login information as the application?

In practice, many applications require that each user has a different account at the application-level, but there is a single account shared by all users to access the database. As a tester, it's important to understand how the database is being accessed, with what level of permission, and to make sure that all stakeholders are aware of the risks being introduced via the chosen methods.

In practice, many applications require every user to have an application-level database login account, but at the same time there is one account, used jointly by all users, for accessing the database. As a tester, what matters is to work out how users access the database, with what level of permission they access it, and to make sure that all users are aware of the risks the chosen access method brings to the database.

brilliantking posted on 2006-4-18 13:57:08

Bumping my own thread, heh!

skinapi posted on 2006-4-22 00:58:22

Nice. The text was just too small; I've enlarged the Chinese font, so it should be easier to read now.
Marked as featured and awarded points as encouragement, heh.

brilliantking posted on 2006-4-24 09:14:19

Thanks, moderator. I'll keep working hard!

李逍遥 posted on 2006-6-16 16:40:55

Thanks! Impressive!

wangvivian posted on 2007-4-20 14:39:08

Thanks, OP. Just what I needed.