[RevServer tips] Spreading the load or why wise developers use asynchronous workflows
Jeff Massung
massung at gmail.com
Wed Aug 4 16:20:57 EDT 2010
Never, ever, ever do this. ;-)
It's basically asking for someone to hack - and nuke - your database out
from under you. You never want to connect to it remotely, and you never want
to send SQL commands to it directly. Use an intermediate layer.
For example, have a server process that accepts incoming connections and
[indirect] commands that will end up modifying the database. But that
process is capable of doing a lot of security checks:
- Logins + permissions
- DOS attack checks
- Ensure validity of actions
- Much more...
The 3rd one there is probably most important. Instead of having a remote app
send direct SQL commands to a remotely hosted database, you create action
commands that end up performing the correct SQL under-the-hood.
This has *many* advantages:
- Clients have no direct access to the database (which may hold the data for
many clients)
- You can change your data schema without a client ever knowing, and no
application updates are required.
- The data storage method is hidden from potential hackers.
- Much more...
Jeff M.
On Wed, Aug 4, 2010 at 3:10 PM, Bob Sneidar <bobs at twft.com> wrote:
> Hi Jan.
>
> Is accessing your database directly from a remote location taboo? I'm
> developing an app that does exactly that!
>
> Bob
>
>
>
More information about the use-livecode
mailing list