Log files

We've written a lot of validation code in this course. Validation is a Big Deal in business apps.

Principle

Don't trust user data

Validate and sanitize user data.

Validation catches errors, but some people might type in bad data on purpose. Entering bad data is one way to try to hack a system. For example, there's a well-known exploit that lets hackers erase database data by typing a database query into a form field. Look up "SQL injection" if you're interested.

How to catch Evil Doers? One way is to look for patterns in system use. If someone keeps typing ";DELETE * FROM USERS;" into a form field, you know something strange is going on.

A simpler one: someone in your office keeps trying to log in to a payables system, again and again, with different passwords.

Another example. Suppose your company has a retail location that's not open on Sundays, but there are sales transactions in the database that happened on Sundays. Hmm...

Log files can help. They're simple lists of things that happened, like failed login attempts. Logging transactions is another thing that business apps do.

When you have log files, you can use Excel, for example, to analyze them. You could even write VBA programs for that. You could write a VBA program that went through a log file, finding transactions that happened on a Sunday, or were large, or used suspiciously round numbers. Seriously, how many sales come out at exactly $1,000?
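Here is one way such a program could look. It is an added example, not code from the course. It assumes each log line has the form "timestamp,store,amount", and the $5,000 "large" threshold, the multiple-of-$1,000 "round" test, and the sample lines are all constructed for illustration.

```vba
Option Explicit

' Constructed sample audit-log lines (assumed format: timestamp,store,amount).
Private Function SampleLog() As Variant
    SampleLog = Array( _
        "2024-03-01 10:15:00,Store12,184.37", _
        "2024-03-03 14:02:00,Store12,59.99", _
        "2024-03-04 09:30:00,Store12,1000.00", _
        "2024-03-05 16:45:00,Store12,7250.10", _
        "not a valid line")
End Function

' Returns the reasons a log line looks suspicious, or "" if there are none.
Public Function FlagReasons(ByVal logLine As String) As String
    Const LARGE_AMOUNT As Double = 5000   ' assumed threshold
    Dim fields() As String
    Dim stamp As Date, amount As Double, reasons As String

    fields = Split(logLine, ",")
    ' A log line we cannot parse is itself worth a look: don't skip it silently.
    If UBound(fields) <> 2 Then
        FlagReasons = "malformed line"
        Exit Function
    End If
    If Not IsDate(fields(0)) Or fields(2) = "" Or fields(2) Like "*[!0-9.]*" Then
        FlagReasons = "malformed line"
        Exit Function
    End If

    stamp = CDate(fields(0))
    amount = Val(fields(2))   ' Val always treats "." as the decimal point

    If Weekday(stamp) = vbSunday Then reasons = reasons & "Sunday sale; "
    If amount >= LARGE_AMOUNT Then reasons = reasons & "large amount; "
    If amount >= 1000 And amount = Int(amount / 1000) * 1000 Then
        reasons = reasons & "round number; "
    End If
    FlagReasons = reasons
End Function

' Prints every suspicious line and why it was flagged to the Immediate window.
Public Sub ScanSampleLog()
    Dim entry As Variant, reasons As String
    For Each entry In SampleLog()
        reasons = FlagReasons(CStr(entry))
        If reasons <> "" Then Debug.Print entry & "  ->  " & reasons
    Next entry
End Sub
```

Run ScanSampleLog from the VBA editor. To scan a real log, feed FlagReasons each line read from the file instead of the sample array.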

Log files of business transactions, like sales, are sometimes called audit logs.

Job interview

"I learned how to make audit logs" sounds good in a job interview.

In the next few lessons, you'll learn how to keep log files in a business app.