Why do I need Stored Procedures when I have LINQ to SQL

前端 未结 18 1066
栀梦
栀梦 2021-02-05 15:59

My understanding of Linq to Sql is it will take my Linq statement and convert it into an equivalent SQL statement.

So

var products = from p in db.Product         


        
18条回答
  •  执念已碎
    2021-02-05 16:15

    Ah, the subject of many a debate.

    Many would argue these days that technologies such as LINQ-to-SQL generate such good SQL these days that the performance advantages are marginal. Personally, I prefer SQL experts tuning SQL performance, not general coders, so I tend to disagree.

    However, my main preference for stored procedures has less to do with performance and more to do with security and configuration management.

    Much of my architectural work is on service-oriented solutions and by treating the database as a service, it is significantly aided by the use of stored procedures.

    Principally, limiting access to the database through stored procedures creates a well-defined interface, limiting the attack surface area and increasing testability. Allowing applications direct access to the underlying data greatly increases the attack surface area, reducing security, and makes impact analysis extremely difficult.

提交回复
热议问题