I discovered handful of discussion threads about this- but nothing which introduced an evaluation of three mechanism under one thread.

Here is my question...

I have to audit DB changes- insertupdatesdeletes to business objects.

I'm able to think about 3 ways to get this done

1) DB Triggers

2) Hibernate interceptors

3) Spring AOP

(This is specific to some SpringHibernateRDBMS- I suppose this really is neutral to javac# or hibernatenhibernate- but when the way to go depends upon C++ or Java or specific implementation of hibernate- please specify)

Do you know the benefits and drawbacks of choosing one of these simple methods ?

I'm not requesting implementation particulars.-This can be a design discussion.

I'm wishing we are able to get this to as part of community wiki

I only can discuss Triggers and NHibernate, because I'm not sure enought abou tSpring AOP.

It is dependent on, of course, what's most significant for you personally.

DB triggers

  • are fast
  • will always be known as, even from native SQL, Scripts, exterior applications.

NHibernate interceptors / occasions

  • aren't DBMS specific.
  • permit you quick access for you business information, such as the user session, client machine title, certain information or understanding, localization, etc.
  • permit you declarative configuration, like characteristics around the entity, which define when the entity must be drenched and just how.
  • permit you turning off logging, this may be essential for upgrades, imports, special actions that aren't triggered through the user.
  • permit you an entity view towards the business design. You're most likely nearer to the customers perspective.

I can not think about worthwhile reason behind not using database triggers to audit changes towards the database. Card inserts, updates and removes could possibly hit the database from various sources - triggers will catch each one of these Hibernate etc. won't.

I tink considering auditing, you have to consider what it's for. First, it's to havea record of who transformed what and what transformed so that you can out bad changes, you are able to identify issues with the machine (we are able to see which of countless differnt programs casued the modification which will help identify rapidly which is damaged) which means you can identify who made the modification. The final can be very critical if this involves discovering fraud. Should you choose from the interface, you won't ever begin to see the user carrying out fraud who changes the information within the after sales to create themself a cheque. Should you choose from the interface, likely you need permissions set in the tabel level, thus opening the doorway for fraud to start with. Should you choose from the interface you will not know which disgruntled worker erased the whole user table for that pure annoyance value. Should you choose from the front-end you will not know which incompetent dba accidentally up-to-date all customer orders towards the same customer. I can not support using anything except triggers for auditing while you lose a great a part of the reason why you need auditing to begin with.

Using Hibernate interceptors to do Audit logs is deeply problematic. I am stunned by the amount of blogs that recommend this process without mentioning its most apparent flaw - the interceptor Needs to make use of a new transaction to record the audit. And that means you could effectively save the primary transaction and also have a system crash that does not record the audit transaction!