Question on QB Enterprise Version User Controls

I read somewhere that the Enterprise version of QB now uses SQL. Is it using SQL for all transactions? I am hoping to find a version that does not give individual users read write access to the Quickbooks data file through the Windows file system, and use of an SQL database process that runs separately from the user's Quickbooks process should allow for that .

How robust are the user controls in the Enterprise version?

Reply to
W
Loading thread data ...

QuickBooks uses MySQL not Microsoft SQL.

Reply to
Haskel LaPort

So what is the implication of that? Are users sharing access to a flat file or going through a server?

Reply to
W

MySQL is an open source database product.

formatting link

Unless there has been a recent change of which I am not aware, QuickBooks uses a locked version of the Sybase SQLAnywhere database server -- since the 2006 version.

formatting link
The Intuit QB version is locked in the sense that there is no way to query it directly using SQL statements. All external access to the data has to go through the QB SDK.

As for Enterprise, I believe it's the same engine, just with less restrictions on list size and possible some performance enhancements

Reply to
klunk

The question is whether the SQL server is running in a separate process space, or do individual users end up sharing a flat file that they all access read/write on the file system?

Running SQL in a separate process makes it possible to achieve a very good level of security. Running users with shared read/write access to a file on the file system makes security almost meaningless. A user could just copy the entire file and do with it what they like.

Reply to
W

Your question was well stated the first time. I believe the database engine that comes with QB Enterprize does not have the level of security you are looking for. Perhaps those in this group that do Enterprize consulting can confirm this. When any of my clients or prospects outgrow QB Pro or Premium I always recomend they make the real move up to an actual mid-range product rather than QB on vitamins AKA Enterprize..

Reply to
Haskel LaPort

One more thing. If the database engine used by Enterprise had that security feature then I would assume that Intuit would tout it in their list of features.

Reply to
Haskel LaPort

They do it by advertising additional security controls for users. But what I am referring to is at a more technical level than I would expect a marketing brochure to discuss.

I've never heard of a shared SQL database using a flat file shared on the file system by all users having read/write access to that file. So getting confirmation of that from someone who is technical and who runs Enterprise Edition would be helpful.

Reply to
W

It would probably cost $15K to buy the software and $75K to do the transfer, and in the end we would be giving up as many features as we get.

It's a shame Intuit cannot just support its customers as they grow instead of trying to just milk a very tired product forever.

Reply to
W

QuickBooks no longer uses shared access to a single data file, with each user's copy of QB directly accessing the file -- which it did in version QB 2005 and earlier.

The data file is now a true database file which is only directly acted upon by a separate db server process, which fields SQL requests made by instances of QB.

However, even when setting up a hosting-only server, QB requires a share on the folder holding the data file with read-write access for any user that will be using any data files therein.

So, you are right that any of those users could make a copy of the data file.

My guess as to why Intuit does it this way is to maintain their paradigm of users opening a specific "company file" including the full path to the file, rather than just having the SQL database server provide a list of "company databases" as aliases to the actual files.

Reply to
klunk

Although I agree this opens a possible security problem, what a user could actually do with the file deserves some discussion.

Before QB was moved to the Sybase database with version 2006, there were many ways to extract all data from a QB company data file without even having the password, which opened a serious security hole.

With the database format of version 2006 and later about the only thing that can be done is open it with QB, and of course be subject to the rights of whatever QB login. I have second-hand information that not only is the db server build for QB proprietary, but that the data is stored with strong encryption. I haven't seen any reports that the file has been cracked.

Reply to
klunk

Some may look at it as a cost others an investment. In the past the loss of some features went hand-in-hand with moving up the software food chain. Today's mid-range offerings have come a long way. Very little if nothing at all is lost.

Reply to
Haskel LaPort

It isn't anywhere near true enterprise class in that sense because the company file still has to be shared with full access for the clients.

Reply to
George

It seems to be some sort of a weird hybrid. Some stuff gets done using SQL queries and some doesn't. You must still share out the company file giving full access rights to the user accounts. So anyone who has access could easily copy the file onto a memory stick or whatever.

Reply to
George

It would seem more like they have a lot of old code in the product and still do a lot of client side processing from what I can tell.

Reply to
George

The sad part is that already have a version that only requires a web client. It is what they run on their online version. I think they are so focused on hosting stuff that they don't see the opportunity for users who have no interest in someone else holding their data.

Reply to
George

BeanSmart website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.