Re: Functionality in database or external langauge

From: Jan Poslusny <pajout(at)gingerall(dot)cz>
To: Dennis Gearon <gearond(at)fireserve(dot)net>
Cc: pgsql-general(at)postgresql(dot)org
Subject: Re: Functionality in database or external langauge
Date: 2004-05-13 09:09:34
Message-ID: 40A33B4E.70807@gingerall.cz
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

I have some experience with following scenario:
1. Pg or other RDBMS realizes data integrity and transaction isolation,
only. Potentially, only _very_ well known and oldschool rules are
implemented here, for instance user sessions, which are not strictly
related with real bussiness rules. Additionally, helper (updatable)
views and stored functions are implemented to simplify and support the
next point.
2. Something as application server realizes bussiness rules.
-These processes are fully privileged (because trusted) to perform
actions on data, but they do not use Pg-superuser account. Typically,
there are httpd daemons with mod_perl. They could recognise user
privileges and perform or refuse requested operations on data.
3. Client side realizes GUI and the user inserted data basic validation.
-Typically web browsers, not trusted.

We use this to realize light or not-heavy-weight database driven webs.

Dennis Gearon wrote:

> I'd like to get people's feelings about the topic.
>
> At one extreme is to use table locking and external language queries
> to even do referential integerity - a la Old (present?) MySQL/PHP.
> A more realistic low end is to use Postgres or something more towards
> heavy iron (if necessary) and use referential integrity, data
> integrity, check cababilities.
>
> At the other end is to only allow access to normal operation of the
> database via procedures for only predefined operations on the data,
> with different levels of authority in different scripts with different
> users.
>
> It is a lot easier to change databases is the functionality is in the
> external langauge. Both the access and the data integerity and
> business rule enforcement is a lot better with only procedure access.
>
> What's everyone's experience with these paradigms?
>
> ---------------------------(end of broadcast)---------------------------
> TIP 8: explain analyze is your friend
>

In response to

Browse pgsql-general by date

  From Date Subject
Next Message Christian Rank 2004-05-13 09:41:24 referential integrity constraints not checked inside PL/pgSQL functions?
Previous Message Kris Jurka 2004-05-13 08:58:40 Re: LISTEN/NOTIFY with JDBC