[RevServer tips] Spreading the load or why wise developers use asynchronous workflows

Jan Schenkel janschenkel at yahoo.com
Thu Aug 5 00:30:41 CDT 2010


Hi Bob et al,

Jeff and others have already given the most important reason: security. It is one less place for the hackers to try and crack open (I recall a huge problem with MS SQLServer back in 2000 where one of its open ports allowed a virus to spread and bring servers to a grinding halt).

Closely related is encapsulation: if someone can find his way into the database port and run arbitrary queries, that person can not only steal information, but can cripple everything by deleting or maiming data.

Compatibility between versions is also much easier to accomplish: updates to the database schema won't cause headaches because one person is using an older version of the client application. Bonus points for using "go stack url" to fetch the latest version of the client app from the same server.

Performance is another important factor: the closer your business logic is to the data, the faster things can run. Ideally the logic is on the same server, in which case some database drivers use shared memory to increase performance; if it is running on another server closeby, you could improve merformance even further by connecting the two servers directly.

Oh, and whatever you do, don't just make a cgi that simply executes whatever string comes over the internet as an SQL query. It's already bad enough that we have to deal with SQL injection into forms, so don't make it worse - here's a nice cartoon to explain: <http://xkcd.com/327/>

Now, it is tempting to just scale up your single-user SQLite database access to a MySQL server on your own local network. And if you get away with it, you may even want to use the same method to go from local network to the internet by simply moving the database.

But to handle concurrent data changes correctly, you're going to have to make changes to how you approach your database records (e.g. use optimistic locking with versioning). And at that point you ought to step back and see what else can be improved.

Cheers,

Jan Schenkel
=====
Quartam Reports & PDF Library for Revolution
<http://www.quartam.com>

=====
"As we grow older, we grow both wiser and more foolish at the same time."  (La Rochefoucauld)


--- On Wed, 8/4/10, Bob Sneidar <bobs at twft.com> wrote:
> Hi Jan. 
> 
> Is accessing your database directly from a remote location
> taboo? I'm developing an app that does exactly that! 
> 
> Bob
> 
> 
> On Aug 4, 2010, at 12:59 PM, Jan Schenkel wrote:
> 
> > Excellent article, Andre - perhaps you should expand
> it with a stern warning for people who want to access their
> remote database directly, rather than going througha cgi?
> That's also one of those coming-from-the-desktop practices
> that need to be taken care of once and for all, IMO :-)
> > 
> > Jan Schenkel.
> 


      




More information about the use-livecode mailing list