Search Postgresql Archives

Re: cutting out the middleperl

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Kenneth,

This is wonderful news.  I will definitely be checking into it as soon as I have a moment.  Thanks!

Kev

> Kev, we have a GPL'd product targeting Postgres that has significant 
> overlap with what you want, though in other areas we went in another 
> direction.  The site is www.andromeda-project.org, and I've put some 
> comments below:
> 
> Kev wrote:
> > Hi everyone,
> >
> > I'm still in the design phase of a project.  I was just wondering if
> > anyone has any thoughts or experience on the idea of cutting the P out
> > of the LAMP (or in my case, WAMP for now) stack.  What I mean is
> > having
> > everything encapsulated into sql (or plpgsql or plperl where needed)
> > functions stored in the pgsql server, and have Apache communicate with
> > pgsql via a tiny C program that pretty much just checks whether the
> > incoming function is on the allowed list and has the proper data
> > types,
> > then passes it straight in.  Any errors are logged as potential
> > security
> > breaches.
> >   
> 
> Andromeda's goal is to implement all biz rules: constraints, automations 
> and security, in the server. 
> 
> This in effect makes the web server a proxy to the database, which 
> sounds like what you are after.   The "P" portion for us is PHP, not 
> Perl, and it is small though non-zero.  It has only two jobs really.  In 
> the one direction it converts HTTP requests into SQL, and in the other 
> it converts SQL results into HTML.
> 
> In terms of experience, I sat down to write the first code 33 months 
> ago, and it began to pay my bills about six months later.  All of the 
> commercial bragging stuff is on the company website: http://www.secdat.com.
> 
> > I'm really new to mod_perl too, so another question would be if this
> > would be much faster than a simple perl script that did the same
> > thing.
> >   
> 
> Can't say there.  My personal preference is for PHP because I can't 
> understand Perl five minutes after I've written it.
> 
> > I ask this because I realize I need to carefully check data coming
> > into
> > pgsql functions as well as at the client end.  Why maintain a bunch of
> > scripts with names similar to the functions they're calling and all
> > performing similar checks anyway?
> >   
> 
> Well actually we tackled that problem by decided to *preserve* direct 
> table access through SQL as the standard API, which I realize is not the 
> standard, but for the life of me I can't understand why, since it is 
> such an amazingly simpler way to get what everyone says they are after.
> 
> Here's what I mean.  We write out a database spec in a plaintext file 
> that includes security, constraints, and automations.  A "builder" 
> program then generates the DDL, encodes the biz logic in triggers, and 
> assigns table sel/ins/upd/del permissions to the tables.
> 
> No messy API to remember or manage.  Just specify the tables and 
> columns, who can do what, and what the formulas are, and its all automatic.
> 
> A huge benefit to this is the basic ability to manipulate user's 
> databases through direct SQL. 
> 
> It's also IMHO the only way to ensure that you can accomplish the task 
> of having the web server be a proxy.  Its easy to convert HTTP into 
> simple SQL insert/update etc., much harder to make it try to learn an API.
> 
> > I was kinda salivating at the thought of how fast things would be if
> > you
> > cut out the A as well, by using a Flash applet to give socket access
> > to
> > JavaScript.  But then I guess you have to make your pgsql server
> > itself
> > publicly accessible on some port.  Is that just asking for trouble?
> >
> > I appreciate any comments or thoughts anyone might have on this.
> >
> > Thanks,
> > Kev
> >
> >
> > ---------------------------(end of broadcast)---------------------------
> > TIP 3: Have you checked our extensive FAQ?
> >
> >                http://www.postgresql.org/docs/faq
> >   
> 



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]
  Powered by Linux