django AuditTrail vs Reversion[英] django AuditTrail vs Reversion

本文是小编为大家收集整理的关于django AuditTrail vs Reversion的处理/解决方法,可以参考本文帮助大家快速定位并解决问题,中文翻译不准确的可切换到English标签页查看源文。

问题描述

我正在开发一个新的Web应用程序,我需要将数据库中的任何更改存储到审核表.此类审核表的目的是,在后来,在真正的物理审核中,我们可以确定在某种情况下发生了什么,谁编辑了例如,例如,在例如,什么是DB的状态.一个复杂的计算. 因此,主要是编写审核表,而不是阅读.有时可能会生成报告.

我已经寻找可用的解决方案

  1. audittrail - 简单,这就是为什么我倾向于它,我可以单身理解它文件代码.
  2. recversion - 看起来足够简单,可以使用,但不确定修改它会很容易如果需要.
  3. rcsfield 似乎非常复杂,满足了我的需求

我没有尝试过任何任何人,所以我想知道一些真实的经验以及我应该使用哪种经验.例如哪一个更快地使用更少的空间,易于扩展和维护?

推荐答案

正如我在我的问题中所说的RCField所说的那样,似乎满足了我的需求,这很简单,我希望将任何更改存储在我的桌子上,并且可以稍后再回到这些更改以生成一些报告.<<<<<./p>

所以我测试了审核和归还 恢复似乎是一个更好的完整应用程序,具有许多功能(我不需要),据我所知,它将数据保存在XML或YAML格式的单个表中,我认为这是

>
  1. 将在单个表中生成太多数据
  2. 要读取该数据,我可能无法使用已经存在的DB工具.

审计在这方面获胜,每个表都会生成相应的审核表,因此可以轻松跟踪更改,每个表数据较少,并且可以轻松地操纵,并且用户可以使用报告生成.

所以我要去审核.

其他推荐答案

我个人更喜欢在数据库中创建审核表并通过触发器填充,以便存储任何更改,甚至存储了从查询窗口中的临时查询.我永远不会考虑不基于数据库本身的审核解决方案.这很重要,因为正在对数据库进行恶意更改或犯罪的人不太可能通过网络界面而是直接在后端进行.这些事情更多的是,与外界黑客相比,心怀不满或盗窃的雇员发生.如果您已经使用了ORM,则您的数据处于危险之中,因为权限在表级别而不是它们所属的SP级别.因此,更重要的是要捕获DAT的任何可能的更改,而不仅仅是GUI的内容.我们有一个动态PROC来创建每当将新表添加到数据库中时运行的审核表.由于我们的审核表仅填充更改,而不是整个记录,因此每次添加字段时,我们都不需要更改它们.

在评估可能的解决方案时,请确保您考虑将数据恢复到撤销特定更改的困难.一旦拥有审核表,您会发现这是您需要做的最重要的事情之一.还要考虑随着数据库架构的变化,维护信息将有多困难.

选择解决方案,因为它似乎最容易理解,通常不是一个好主意.满足要求,安全性等之后,这应该是您的服务标准最低的.

其他推荐答案

我不能为您提供真正的经验,但想进行观察.

我假设在审计中,您的意思是 django wiki上的审核.如果是这样,我想您想看看同一位作者(Marty Alchin aka @gulopine)在他的书 pro django . Django 1.x.

应该更好地工作

这是我将在即将到来的项目上使用的方法,不是因为它一定是从技术角度击败了其他项目,而是因为它与该应用程序的审计跟踪的"现实世界"期望匹配.

本文地址:https://www.itbaoku.cn/post/597491.html

问题描述

I am working on an new web app I need to store any changes in database to audit table(s). Purpose of such audit tables is that later on in a real physical audit we can asecertain what happened in a situation, who edited what and what was the state of db at the time of e.g. a complex calculation. So mostly audit table will be written and not read. Report may be generated though sometimes.

I have looked for available solution

  1. AuditTrail - simple and that is why I am inclining towards it, I can understand it single file code.
  2. Reversion - looks simple enough to use but not sure how easy it would be to modify it if needed.
  3. rcsField seems to be very complex and too much for my needs

I haven't tried anyone of these, so I wanted to know some real experiences and which one I should be using. e.g. which one is faster uses less space, easy to extend and maintain?

推荐答案

As i stated in my question rcField seems to be to much for my needs, which is simple that i want store any changes to my table, and may be come back later to those changes to generate some reports.

So I tested AuditTrail and Reversion Reversion seems to be a better full blown application with many features(which i do not need), Also as far as i know it saves data in a single table in XML or YAML format, which i think

  1. will generate too much data in a single table
  2. to read that data I may not be able to use already present db tools.

AuditTrail wins in that regard that for each table it generates a corresponding audit table and hence changes can be tracked easily, per table data is less and can be easily manipulated and user for report generation.

So i am going with AuditTrail.

其他推荐答案

Personally I prefer to create audit tables in the database and populate through triggers so that any change even ad hoc queries from the query window are stored. I would never consider an audit solution that is not based in the database itself. This is important because people who are making malicious changes to the database or committing fraud are not likely to do so through the web interface but on the backend directly. Far more of this stuff happens from disgruntled or larcenous employees than outside hackers. If you are using an ORM already, your data is at risk because the permissions are at the table level rather than the sp level where they belong. Therefore it is even more important that you capture any possible change to the dat not just what was from the GUI. WE have a dynamic proc to create audit tables that is run whenever new tables are added to the database. Since our audit tables populate only the changes and not the whole record, we do not need to change them every time a field is added.

Also when evaluating possible solutions, make sure you consider how hard it will be to revert the data to undo a specific change. Once you have audit tables, you will find that this is one of the most important things you need to do from them. Also consider how hard it will be to maintian the information as the database schema changes.

Choosing a solution because it appears to be the easiest to understand, is not generally a good idea. That should be lowest of your selction criteria after meeting the requirements, security, etc.

其他推荐答案

I can't give you real experience with any of them but would like to make an observation.

I assume by AuditTrail you mean AuditTrail on the Django wiki. If so, I think you'll want to instead look at HistoricalRecords developed by the same author (Marty Alchin aka @gulopine) in his book Pro Django. It should work better with Django 1.x.

This is the approach I'll be using on an upcoming project, not because it necessarily beats the others from a technical standpoint, but because it matches the "real world" expectations of the audit trail for that application.