Web forum is in read-only mode. Login as active registered customer for write access
  Forum Search   New Posts New Posts

Direct database access

 Post Reply Post Reply
Author
Kovacevic Zeljko View Drop Down
Senior Member
Senior Member
Avatar

Joined: 28 May 2010
Posts: 288
Post Options Post Options   Quote Kovacevic Zeljko Quote  Post ReplyReply Direct Link To This Post Topic: Direct database access
    Posted: 06 Jul 2018 at 10:21am
As I understood from the documentation, the only way so far to access a database is by corresponding REST API (XData). Can I somehow connect to SQL Server or Oracle directly?
Back to Top
Bruno Fierens View Drop Down
TMS Support
TMS Support
Avatar

Joined: 11 May 2010
Posts: 7809
Post Options Post Options   Quote Bruno Fierens Quote  Post ReplyReply Direct Link To This Post Posted: 06 Jul 2018 at 10:34am
At this moment we support XData. Bob Swart also wrote an article for using Embarcadero RAD server with TMS WEB Core: https://www.tmssoftware.com/site/blog.asp?post=462 

Back to Top
Kovacevic Zeljko View Drop Down
Senior Member
Senior Member
Avatar

Joined: 28 May 2010
Posts: 288
Post Options Post Options   Quote Kovacevic Zeljko Quote  Post ReplyReply Direct Link To This Post Posted: 06 Jul 2018 at 11:34am
Personally, I don't have the time to develop REST service just to be able to access my database  using this framework. Also, I believe that most of the people will not accept to pay for RAD Server just to be able to do the same, nor do I wish to have additional dependencies toward other services and technologies in my web application.

I was really looking forward to this product, but without direct DB access to mayor DB manufacturers I don't see the reason to switch from MVC. Pretty much any business application needs DB connection and the current approach is not satisfying (at least for me). I will still monitor the development of this framework and when you enable this feature will definitely buy the product.
Back to Top
Bruno Fierens View Drop Down
TMS Support
TMS Support
Avatar

Joined: 11 May 2010
Posts: 7809
Post Options Post Options   Quote Bruno Fierens Quote  Post ReplyReply Direct Link To This Post Posted: 06 Jul 2018 at 11:37am
Creating a REST service for your database is exactly what TMS XData does out of the box.

Other than this, please see:



Edited by Bruno Fierens - 06 Jul 2018 at 11:40am
Back to Top
Wagner R. Landgraf View Drop Down
TMS Support
TMS Support
Avatar

Joined: 18 May 2010
Posts: 2310
Post Options Post Options   Quote Wagner R. Landgraf Quote  Post ReplyReply Direct Link To This Post Posted: 06 Jul 2018 at 2:42pm
TMS Web Core generates 100% client-side applications. None of the code runs in the server, so you should not and could not connect directly to the database. It's not a limitation of TMS Web Core, but of the (nice) architecture of the app it generates. You have security issue: your database user and password will be available in the browser for everyone to see, and all SQL statements would also be available. And you have technical issue: your users will have to have network access to the database, a client installed in each computer, etc.. 

On the other hand, creating a REST server that published your database is ridiculous easy with TMS XData. It's a matter of minutes, these videos show how it's done:


Back to Top
Kovacevic Zeljko View Drop Down
Senior Member
Senior Member
Avatar

Joined: 28 May 2010
Posts: 288
Post Options Post Options   Quote Kovacevic Zeljko Quote  Post ReplyReply Direct Link To This Post Posted: 06 Jul 2018 at 10:44pm
As it seams to me, the main problem here is that the entire application is actually a JavaScript file. Therefore, security is pretty much non-existent as the client can see everything he wants. Attacker can steal the application and sell it as it's own, analyze the application to do damage etc. And even if I use XData I don't see how the attacker is prevented to do damage as he himself can see username, password and all other relevant information about the intermediary service and manipulate it to do damage in the database itself. Please correct me if I am wrong or missing something here.

Maybe ISAPI/CGI should be offered as alternative outputs instead of pure JavaScript, even at the cost being just for Windows. At least the applications would not be so exposed. JavaScript just seams too risky for anything serious.

And as for the security regarding database connection.. I use user account impersonation and application roles, both in SQL Server. But, each would fail here as all relevant info would probably be in JavaScript file.
Back to Top
Wagner R. Landgraf View Drop Down
TMS Support
TMS Support
Avatar

Joined: 18 May 2010
Posts: 2310
Post Options Post Options   Quote Wagner R. Landgraf Quote  Post ReplyReply Direct Link To This Post Posted: 06 Jul 2018 at 10:49pm
There is no silver bullet. If you prefer to have ISAPI/CGI, server-side generated HTML files, that's fine. That's what has been used for years until the advent of Single Page Applications. 

But to categorize the TMS Web Core solution as "too risky for anything serious" is an overstatement. Single Page Application is a more modern (meaning more recent) solution than ISAPI/CGI. It's what can be done using Angular, Vue.JS, React and many other modern client-side frameworks. It's just a different paradigm, not worse or better, but for sure widely used.
Back to Top
 Post Reply Post Reply

Forum Jump Forum Permissions View Drop Down