mySQL: PHP or direct access?

[Peter TB Brett]

On 2015-08-13 19:16, Peter Haworth wrote:
> What are the pluses and minuses you get from using php as a middleman 
> to
> access a mySQL database on a server versus accessing the mySQL database
> directly from LC?

There are good reasons other than security that you might want to 
indirect your database operations through some server-side middleware.

Let's say you release version 1.0 of your app.  It talks directly to 
your database.  Everything is great.

A few months later, you realise that in order to add a cool new feature 
to version 2.0 of your app, you want to make some changes to the way the 
database is designed.  But you can't!  There are still lots of copies of 
version 1.0 out there, and they depend on having the database set up the 
way they expect.  So, you have to make version 2.0 and version 1.0 use 
separate databases (or even separate database servers), and users can't 
easily move between app 1.0 and app 2.0.

Let's say that instead you provide a server-side middleware.  App 1.0 
tells the middleware the high-level operation ("change the user profile 
pic to <blah>"), and the middleware converts it into SQL.

If the way that the user database is laid out changes in app 2.0, then 
you can change the middleware to cope with the changes -- and app 1.0 
will still carry on working completely happily.  The high-level 
operations it's doing are still the same, but the way they are performed 
has changed -- but it doesn't need to know about it.

I would say that this is almost as important a consideration as 
security.  Given the regularity with which security flaws are found in 
MySQL, I very strongly recommend *not* exposing MySQL ports to the 
Internet.

                                Peter

-- 
Dr Peter Brett <peter.brett at livecode.com>
LiveCode Engine Development Team