David Keeney - SQL Database Server Requests from the Browser @ Postgres Open


  • Comment on various modes of emailing: to-webmaster, to-group, poke, etc
  • Pseudo-files

    1. A universal web application backend.
    2. GET /students
       DELETE /students/:num
       PUT /students/:num
    3. SELECT * FROM students;
       DELETE FROM students WHERE id = %s
       UPDATE students SET name = %s, gpa = %s, birthdate = %s WHERE id = %s
    4. GET /students/1
       SELECT * FROM students WHERE id = %s
       VERB NOUN VERB NOUN
    5. class AccountsController < ApplicationController
         def show
           # Look up the student named in the request and return it as JSON
           st = Student.find(params[:student_id])
           render :json => st
         end
       end
       VERB NOUN
    6. RdbHost.com allows you to write your SQL directly in your browser-side JavaScript code.
    7. Instead of:
         var p = $.ajax({ url: '/students' });
       Use:
         var p = $.postData({ q: 'SELECT * FROM students' });
    8. var p = $.postData({ q: 'SELECT * FROM students' });
       p.done(function(data) { alert(data); });
    9. var p = $.postData({
         q: 'SELECT %s AS "To:" ' +
            '%s AS "body" ' + …
            '%s AS "Subject:" ' +
            '%s AS "service" ',
         mode: 'email',
         format: 'json'
       });
    10. results SELECT %s AS "To:".. email proxy
    11. Super - authenticated with authcode
        Preauth - executes only white-listed queries
        Reader - limited by Postgres Privs
    12. 50 char random authcode.
        Useful for creating tables, views, procedures, and indexes.
        Administrative role. Used by you, not by your users.
        s0000000010
    13. White-listed table: auth.preauth_queries
        tag query, mode
        p0000000010
    14. Adding queries to a white-list is as simple as putting the account into training mode, and submitting the queries by the 'preauth' role.
    15. The white-list validation process requires that queries be parameterized, without data. The data is sent to the server with the query, and bound to the query on the server, after the query has been white-list validated.
    16. Python DB API 2 module.
        Ajax Content Rendering for Search Engines.
        OpenId Authentication Support.
        'File' Hosting, with SFTP.
    17. SSL, with your certificate (or ours).
        Bulk database transfer tool, for sending and receiving complete databases.
        Web-interface database administration tool.
        jQuery Plugin, jquery.rdbhost.js
    18. Cross-domain data access. Host anywhere, access your data here.
        Supports file fields in forms. Ajax with CORS does not.
    19. 3 types of request methods:
        i) $.postData is $.ajax style
        ii) $.postFormData finds data in form. Use with file fields
        iii) $.getGET and $.getPOST, work with JavaScript frameworks
    20. This library contains higher level JavaScript functions. Examples:
        $.setupCharge({…})
        $.chargeCard({…})
        $.emailWebmaster({…})
        $.emailAllUsers({…})
    21. Removes one layer from web stack.
        Removes one language from web stack.
        All code is in browser, with ...
        Great debugging, profiling tools. Chrome debugger, for example, is outstanding.
    22. Write your app, including business logic, in client-side code.
        App makes database queries using straight SQL.
        Train Rdbhost server account to white-list queries.
        Host application files on Rdbhost, as 'pseudofiles', or on any static host elsewhere.
    23. Isn't there a hazard in showing your SQL to users? Maybe. If you are concerned, you can edit the SQL out, after training, so queries are requested by name.
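
A minimal model of the white-list gate described in slides 13 to 15 and 23, added here as an illustration; it is not Rdbhost's code and not from the presentation. The class `PreauthWhitelist`, its `submit` method, the `t1`-style tags and the in-memory maps standing in for `auth.preauth_queries` are all assumptions. It shows why the matched text must be parameterized: a query with inlined data is a different string and is refused.

```javascript
// Conceptual model of a preauth-style white-list gate. Added example; all names are hypothetical.
class PreauthWhitelist {
  constructor() {
    this.training = false;   // while true, submitted queries are recorded
    this.byTag = new Map();  // tag -> query text (compare slide 13: tag, query)
    this.byText = new Map(); // normalized query text -> tag
  }
  // Collapse whitespace so formatting alone does not change the match.
  static normalize(q) {
    return q.trim().replace(/\s+/g, ' ');
  }
  // req: { q?: string, tag?: string, args?: any[] }
  submit(req) {
    const args = req.args || [];
    let tag = req.tag;
    let query = tag ? this.byTag.get(tag) : undefined;
    if (req.q !== undefined) {
      const text = PreauthWhitelist.normalize(req.q);
      if (this.training && !this.byText.has(text)) {
        const newTag = 't' + (this.byTag.size + 1);
        this.byTag.set(newTag, text);
        this.byText.set(text, newTag);
      }
      tag = this.byText.get(text);
      query = tag ? text : undefined;
    }
    if (query === undefined) {
      return { ok: false, error: 'query not white-listed' };
    }
    // Data never becomes part of the matched text; it is only counted here
    // and would be bound to the placeholders by the database driver.
    const placeholders = (query.match(/%s/g) || []).length;
    if (placeholders !== args.length) {
      return { ok: false, error: 'argument count mismatch' };
    }
    return { ok: true, tag, query, args };
  }
}

// Constructed sample run: train one query, then switch training off.
const gate = new PreauthWhitelist();
gate.training = true;
gate.submit({ q: 'SELECT * FROM students WHERE id = %s', args: [1] });
gate.training = false;
const matched = gate.submit({ q: 'SELECT * FROM students  WHERE id = %s', args: [7] });
const inlined = gate.submit({ q: 'SELECT * FROM students WHERE id = 7' });
const untrained = gate.submit({ q: 'DELETE FROM students WHERE id = %s', args: [7] });
const byName = gate.submit({ tag: 't1', args: [7] });
console.log(matched.ok, inlined.ok, untrained.ok, byName.ok);
```

The white-list only constrains which statements run; what a white-listed statement may touch is still a matter for the Postgres privileges of the role executing it.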