David Keeney - SQL Database Server Requests from the Browser @ Postgres Open
Transcript of David Keeney - SQL Database Server Requests from the Browser @ Postgres Open
Page 1
RdbHost
A universal web application backend.
Page 6
GET /students
DELETE /students/:num
PUT /students/:num
ReST
Page 7

```sql
SELECT * FROM students;
DELETE FROM students WHERE id = %s;
UPDATE students SET name = %s, gpa = %s, birthdate = %s WHERE id = %s;
```
Page 8
GET /students/1
SELECT * FROM students WHERE id = %s
VERB NOUN
VERB NOUN
Page 9

```ruby
# Conventional middle tier: a Rails controller action that maps the
# VERB NOUN request (GET /students/:student_id) onto a model lookup
# and renders the row as JSON.
class AccountsController < ApplicationController
  def show
    st = Student.find(params[:student_id])
    render :json => st
  end
end
```

VERB NOUN
Page 10
RdbHost.com allows you to write your SQL directly in your browser-side JavaScript code.
Page 11

Instead of:

```javascript
var p = $.ajax({ url: '/students' });
```

Use:

```javascript
var p = $.postData({ q: 'SELECT * FROM students' });
```
Page 12

```javascript
var p = $.postData({ q: 'SELECT * FROM students' });
p.done(function (data) {
  alert(data);
});
```
Page 13

```javascript
var p = $.postData({
  q: 'SELECT %s AS "To:" ' +
     '%s AS "body" ' + … + '%s AS "Subject:" ' +
     '%s AS "service" ',
  mode: 'email',
  format: 'json'
});
```
EMAILING
Page 14

results
SELECT %s AS "To:" ..
email proxy
Page 15

Super - authenticated with authcode
Preauth - executes only white-listed queries
Reader - limited by Postgres privileges
ROLES
Page 16
50 char random authcode
Useful for creating tables, views, procedures, and indexes.
Administrative role. Used by you, not by your users.
Super Role
s0000000010
Page 17

White-listed
table: auth.preauth_queries
columns: tag, query, mode
PREAUTH
p0000000010
Page 18

Adding queries to a white-list is as simple as putting the account into training mode and submitting the queries as the 'preauth' role.
TRAINING
Page 19

The white-list validation process requires that queries be parameterized: placeholders only, with no data values in the SQL text.
The data is sent to the server with the query, and bound to the query on the server, after the query has been white-list validated.
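The white-list check, training mode and server-side binding described on the last few slides, modelled in JavaScript as an added example. This is not RdbHost's code: the function names, the request shape, the account settings object and the constructed white-list rows are all assumptions. It goes a little beyond this slide by also dispatching on the three roles from the ROLES slide and by accepting a request by tag, the "request by name" option the closing slide mentions.

```javascript
// Added example, not RdbHost's code. Everything below (names, request
// shape, account settings, white-list rows) is an assumption.

// Constructed stand-in for the auth.preauth_queries table (tag, query, mode).
function makeWhitelist() {
  return [
    { tag: 'list_students', query: 'SELECT * FROM students', mode: 'json' },
    { tag: 'get_student',   query: 'SELECT * FROM students WHERE id = %s', mode: 'json' },
    { tag: 'find_by_name',  query: 'SELECT * FROM students WHERE name = %s', mode: 'json' },
  ];
}

// Collapse runs of whitespace so formatting alone cannot defeat the match,
// but change nothing else: the comparison is otherwise exact.
function normalize(sql) {
  return sql.replace(/\s+/g, ' ').trim();
}

// Look a query up by tag (request by name) or by its parameterized text.
function findWhitelisted(list, q, tag) {
  if (tag !== undefined) return list.find((e) => e.tag === tag) || null;
  if (q !== undefined) {
    const wanted = normalize(q);
    return list.find((e) => normalize(e.query) === wanted) || null;
  }
  return null;
}

function placeholderCount(sql) {
  return (sql.match(/%s/g) || []).length;
}

// Produce what a parameterized driver receives: the template with %s
// rewritten to $1..$n, and the values passed separately. The values never
// become part of the SQL text, so quotes or keywords inside them stay data.
function bindForDriver(template, args) {
  let n = 0;
  const text = template.replace(/%s/g, () => '$' + (++n));
  return { text, values: args.slice() };
}

// Refuse to bind when the argument count does not match the template.
function finish(template, args, extra = {}) {
  if (placeholderCount(template) !== args.length) {
    return { ok: false, error: 'argument count does not match placeholders' };
  }
  return { ok: true, ...extra, ...bindForDriver(template, args) };
}

// account: { superAuthcode, training }
// request: { role, authcode, q, tag, args, newTag }
function handleRequest(list, account, request) {
  const { role, authcode, q, tag, args = [] } = request;

  if (role === 'super') {
    // Administrative role: authenticated by the long random authcode and
    // not subject to the white-list. For the developer, never for end users.
    if (authcode !== account.superAuthcode) return { ok: false, error: 'bad authcode' };
    if (q === undefined) return { ok: false, error: 'no query' };
    return finish(q, args);
  }

  if (role === 'preauth') {
    let entry = findWhitelisted(list, q, tag);
    if (!entry) {
      if (!account.training || q === undefined) {
        return { ok: false, error: 'query not white-listed' };
      }
      // Training mode: an unknown parameterized query is recorded for next time.
      entry = { tag: request.newTag || 'q' + (list.length + 1), query: normalize(q), mode: 'json' };
      list.push(entry);
    }
    return finish(entry.query, args, { tag: entry.tag });
  }

  if (role === 'reader') {
    // No white-list here: per the ROLES slide this role is limited only by
    // the Postgres privileges granted to it, so the database does the enforcing.
    if (q === undefined) return { ok: false, error: 'no query' };
    return finish(q, args);
  }

  return { ok: false, error: 'unknown role' };
}
```

The point to take from `bindForDriver` is that the validated template and the argument values reach the driver as separate things: a value such as `O'Brien` is never spliced into the SQL text, and a query with a literal baked in (`... WHERE id = 7`) fails the white-list match outright because it equals no parameterized template.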
Page 20
Python DB API 2 module.
Ajax Content Rendering for Search Engines
OpenId Authentication Support
'File' Hosting, with SFTP
Other Features
Page 21
SSL, with your certificate (or ours).
Bulk database transfer tool, for sending and receiving complete databases.
Web-interface database administration tool.
jQuery Plugin, jquery.rdbhost.js
More Features
Page 22
Cross-domain data access. Host anywhere, access your data here.
Supports file fields in forms. Ajax with CORS does not.
jQuery Plugin
Page 23

3 types of request methods:
i) $.postData is $.ajax style
ii) $.postFormData finds data in a form. Use with file fields
iii) $.getGET and $.getPOST work with JavaScript frameworks
jQuery.rdbhost.js
Page 24
This library contains higher level JavaScript functions.
Examples: $.setupCharge({…}) $.chargeCard({…}) $.emailWebmaster({…}) $.emailAllUsers({…})
jQuery.rdbhost.utils.js
Page 25
Removes one layer from web stack.
Removes one language from web stack.
All code is in browser, with ...
Great debugging, profiling tools.
Chrome debugger, for example, is outstanding.
How is RdbHost Easier?
Page 26
Write your app, including business logic, in client-side code.
App makes database queries using straight SQL.
Train Rdbhost server account to white-list queries.
Host application files on Rdbhost, as 'pseudofiles', or on any static host elsewhere.
How Does It Work?
Page 27
Isn't there a hazard in showing your SQL to users?
Maybe.
If you are concerned, you can edit the SQL out, after training, so queries are requested by name.
But What About … ?