Re: web and databases

From: dan Bray <danbray_at_erols.com>
Date: 1996/07/10
Message-ID: <4s0e9q$1sq0_at_news-s01.ny.us.ibm.net>

>
> In article <31D94510.4BD9_at_dsi.ing.unifi.it>, Franco Scarselli
> <franco_at_dsi.ing.unifi.it> wrote:
>
> : Hi,
> :
> : I am going to restructure the informatic organization of an association.
> : A part of the work requires the introduction of a Windows NT server that
> : should contain administration and medical data. I think to use a DBMS
> : among Microsoft SQL server, Oracle SQL server and Sybase SQL server.
> :
> : I have to rewrite all the (few) existing applications. I thought about a
> : common interface to use. What about writing interfaces by HTML documents
> : ? That is, I would use a WEB server to produce interfaces for ALL the
> : applications that use the database, that is for ALL the applications
> : that are used in the association.
> :
> : Which are pros and cons of such a solution ? Are there security
> : problems ? Are there examples of this approach ?
> :
> : I thank in advance anybody who can help me.
> :
>
> I wrote the chapter on CGI interfaces to relational databases in a
> recent book on CGI programming, in which I said quite a bit about
> these issues.
>
> Another excellent reference is a recent book by Jeff Rowe, {Building
> Internet Database Servers with CGI}. Jeff's WWW site also has
> a tremendous amount of useful information about database/CGI work.
>
> Take a look at the following URLs for more information:
>
> http://www.mcp.com/que/et/se_cgi/Cgi13fi.htm
> http://www.mcp.com/que/et/se_cgi/Toc.htm
> http://www.mcp.com/que/et/se_cgi/frontmat.htm#about
>
> http://cscsun1.larc.nasa.gov/~beowulf/db/existing_products.html
>
> The short answer is: a CGI interface can do quite a lot in the
> way of providing cross-platform database access over the Net.
> However, at the present state of the art it still has some
> limitations:
>
> o development tools are still rather primitive, and whatever
> tools you end up using, you'll probably end up doing at least
> some hand-hacking of SQL/HTML/PERL/C/WHATEVER code.
>
> o unless you include some JAVA applets (and I won't go into
> the issues there, since I've limited JAVA knowledge), you're
> stuck with the somewhat limited set of GUI widgets provided
> by HTML.
>
> o http uses a stateless server design. This is the biggest
> limitation of http for database work, because it means:
>
> + no concept of current connection state
>
> + no concept of logging-in and logging-out
>
> + concurrent updates are a _mess_ because you
> can't lock rows while a user is editing a local
> copy of the data
>
> + client-side caching of passwords presents a big
> security hole if the browser is in a public place
> like a kiosk -- with most browsers, it caches the
> password until the user quits the browser; if they
> just walk away anybody else can use the cached
> passwords
>
> + for data entry, the entire form is submitted when
> the user hits the "submit" button -- there's no
> provision for field-level validation unless you
> use a client-side scripting language like JAVA
>
> Overall, I'd say CGI is quite good for searching, and acceptable
> for submitting new data provided you have a decent validation
> scheme -- though I'd advise holding all submitted data somewhere
> for human review before including it in the searchable database.
>
> For updating, I don't think it's there yet.
>
> And for any application, it will take more work than an equivalent
> application with a conventional C/S package. However, and here's
> the big win, once you get it working for any standard WWW browser
> it should work for any other popular browser (assuming you avoid
> using browser-specific HTML tags!).
>
> --------
> Matthew.Healy_at_yale.edu
> http://paella.med.yale.edu/~healy/matt_healy.html
> Center for Medical Informatics, Yale School of Medicine
>
> Any content-based regulation of the Internet, no matter how benign
> the purpose, could burn the global village to roast the pig.
>
> --Judge Dalzell in ACLU v. Reno, No. 96-963 (E.D. Pa.)
>

You might also look at the PowerWeb Server from Compusource. It is currently available on OS/2 and soon to be available on NT. It allows you to embed SQL in your HTML for direct database access. No CGI overhead. IT supports Sybase, DB2 and SQL server (I believe). Received on Wed Jul 10 1996 - 00:00:00 CEST

This message: [ Message body ]
Next message: Tim Michael: "SQL*Net V2 and multi-instance, multi database site"
Previous message: Gary Lawrence Murphy: "Re: web and databases"
Maybe in reply to: Russ Hensley: "Re: web and databases"
In reply to AJ Musgrove: "Re: web and databases"
Next in thread: The North West Company: "Re: Execute privileges on PL/SQL function based upon role"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message