David Keeney - SQL Database Server Requests from the Browser @ Postgres Open

Post on 10-May-2015


RdbHost

A universal web application backend.

GET /students

DELETE /students/:num

PUT /students/:num

ReST

SELECT * FROM students;

DELETE FROM students WHERE id = %s

UPDATE students SET name = %s, gpa = %s, birthdate = %s WHERE id = %s

GET /students/1

SELECT * FROM students WHERE id = %s

VERB NOUN

class AccountsController < ApplicationController
  def show
    # Look up the student named in the request and return it as JSON
    st = Student.find(params[:student_id])
    render :json => st
  end
end

VERB NOUN

RdbHost.com allows you to write your SQL directly in your browser-side JavaScript code.

Instead of:

var p = $.ajax({ url: '/students' });

Use:

var p = $.postData({q: 'SELECT * FROM students'});

var p = $.postData({q: 'SELECT * FROM students'});

p.done(function(data) {
  alert(data);
});

var p = $.postData({q: 'SELECT %s AS "To:" ' +
                       '%s AS "body" ' +
                       …
                       '%s AS "Subject:" ' +
                       '%s AS "service" ',
                    mode: 'email',
                    format: 'json' });

EMAILING

results

SELECT %s AS "To:"..

email proxy

Super - authenticated with authcode

Preauth - executes only white-listed queries

Reader - limited by Postgres privileges

ROLES

50 char random authcode

Useful for creating tables, views, procedures, and indexes.

Administrative role. Used by you, not by your users.

Super Role

s0000000010

White-listed

table: auth.preauth_queries

tag

query, mode

PREAUTH

p0000000010

Adding queries to the white-list is as simple as putting the account into training mode and submitting the queries under the 'preauth' role.

TRAINING

The white-list validation process requires that queries be parameterized, with no data embedded in the query text.

The data is sent to the server alongside the query, and is bound to the query on the server only after the query has passed white-list validation.
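
The validate-then-bind order described above, as an added example (not RdbHost's code and not from the talk). An in-memory map stands in for auth.preauth_queries; the class, method names and the default mode are hypothetical.

```javascript
// Added illustration of white-list validation; all names here are hypothetical.
// Collapse whitespace so formatting differences do not change the lookup key.
// Safe only because white-listed queries carry no data literals.
const normalize = (q) => q.trim().replace(/\s+/g, ' ');

class PreauthGate {
  constructor() {
    this.whitelist = new Map(); // stands in for table auth.preauth_queries
    this.training = false;      // toggled by the account owner, never by users
  }

  // Handle one request submitted under the 'preauth' role.
  handle(query, args = [], mode = 'query') {
    const key = normalize(query);
    if (this.training) {
      this.whitelist.set(key, { query: key, mode }); // training records the query
    }
    const entry = this.whitelist.get(key);
    if (!entry || entry.mode !== mode) {
      return { ok: false, error: 'query not white-listed' };
    }
    // Only after validation is the data considered: one argument per %s.
    const slots = (entry.query.match(/%s/g) || []).length;
    if (slots !== args.length) {
      return { ok: false, error: 'argument count mismatch' };
    }
    // Rewrite %s to $1..$n so the database driver binds the values;
    // user data is never spliced into the SQL text.
    let n = 0;
    const text = entry.query.replace(/%s/g, () => '$' + (++n));
    return { ok: true, text, values: args };
  }
}

// Constructed sample run: train one query, then leave training mode.
const gate = new PreauthGate();
gate.training = true;
gate.handle('SELECT * FROM students WHERE id = %s', [1]);
gate.training = false;

// Same query, different spacing and data: accepted.
const good = gate.handle('SELECT * FROM  students WHERE id = %s', ['7']);
// Data inlined into the SQL text: a different string, so rejected.
const inlined = gate.handle('SELECT * FROM students WHERE id = 7', []);
// Query text altered by the client: rejected.
const widened = gate.handle('SELECT * FROM students WHERE id = %s OR 1=1', ['7']);
console.log(good, inlined, widened);
```

Because the lookup is on the query text alone, a client can change the bound values freely but cannot change what the statement does.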

Python DB API 2 module.

Ajax Content Rendering for Search Engines

OpenId Authentication Support

‘File’ Hosting, with SFTP

Other Features

SSL, with your certificate (or ours).

Bulk database transfer tool, for sending and receiving complete databases.

Web-interface database administration tool.

jQuery Plugin, jquery.rdbhost.js

More Features

Cross-domain data access. Host anywhere, access your data here.

Supports file fields in forms.  Ajax with CORS does not.

jQuery Plugin

3 types of request methods:

i) $.postData is $.ajax style

ii) $.postFormData finds data in form. Use with file fields

iii) $.getGET and $.getPOST work with JavaScript frameworks

jQuery.rdbhost.js

This library contains higher level JavaScript functions.

Examples: $.setupCharge({…}), $.chargeCard({…}), $.emailWebmaster({…}), $.emailAllUsers({…})

jQuery.rdbhost.utils.js

Removes one layer from web stack.

Removes one language from web stack.

All code is in browser, with ...

Great debugging, profiling tools.

Chrome debugger, for example, is outstanding.

How is RdbHost Easier?

Write your app, including business logic, in client-side code.

App makes database queries using straight SQL.

Train your RdbHost server account to white-list queries.

Host application files on RdbHost, as 'pseudofiles', or on any static host elsewhere.

How Does It Work?

Isn't there a hazard in showing your SQL to users?

Maybe.

If you are concerned, you can edit the SQL out, after training, so queries are requested by name.

But What About … ?
