10

TL;DR

What are the prospects of writing applications which are completely based on a REST database server (CouchDB) and web applications which directly access the DB instead of having a web server in between?

I recently started looking up some NoSQL databases. MongoDB seems to be a popular choices. I also liked the project.

But I personally liked the REST interface of CouchDB. So what I wanted to know is if there was the possibility of applications (maybe cached apps in web browser, a chrome extension etc.) which could just just query the database directly with no requirement of a webserver in between. All the computational logic would reside in the client application and the database will do what it does, CRUD. Since mostly (I don't know which doesn't) client frameworks support REST queries, it could be a good way of writing applications well optimized for the respective framework. These applications though won't be doing complicated computation, but still provide enough functionality which could replace lots of conventional applications.

Are there existing resources and projects which would help me move towards writing such applications and also the scope and moving towards developing in this way?

Are there any technical/security issues with this?

This post will help me decide to look into project like CouchDB (and maybe Dive into Erlang later) or stay with the conventional frameworks (like Django) and SQL databases.

Update

A specific point of such apps I had in mind is creation of offline applications just by replicating CouchDB data on the client.

Community
  • 1
crodjer
  • 1,039
  • 1
  • 9
  • 10
  • 2
    Not only is this trivial, but all RDBMS support this directly and (very) efficiently without the HTTP-based overheads of REST. What are you asking for? – S.Lott Jun 23 '11 at 13:03
  • @S.Lott I am asking for *anything* which will help me write client-db apps. If you know many efficient ways, please suggest. Obviously every DB server needs a client which accesses it, but to me it seemed CouchDB fits in the best killing the need of ORMs and servers in the middle. – crodjer Jun 23 '11 at 13:36
  • 1
    @crodjer: Oracle, MySQL, PostgreSQL, DB2, etc., all have direct SQL access from client to DB server. No REST. No Web Application. Just pure SQL. Have you looked at their documentation yet? What are you asking for? – S.Lott Jun 23 '11 at 14:01
  • @S.Lott what I want is sort of like the `client`==`web application which end user uses`. So REST seems best way for that. I know these databases can be accessed through their SQL clients and web framework but what I want is no median application. Eg: Maybe a chrome app which directly queries the db server and generates content. With HTML5 and more efficient javascript and frameworks, It feels right if all the computational logic is at one place. – crodjer Jun 23 '11 at 14:30
  • 1
    @S.Lott Browsers can access a remote MySQL server directly? @crodjer I would personally be worried about validation, security and authentication. – Raynos Jun 23 '11 at 14:49
  • @Raynos, [this answer](http://programmers.stackexchange.com/questions/86461/writing-web-server-less-applications/86464#86464) by back2dos provides some affirmation that there is a level of security provided which can be enough for some implementations like games etc. And I am sure that it is not possible to access SQL dbs directly through browser. Otherwise you are providing a really easy interface for SQL injection. – crodjer Jun 23 '11 at 15:01
  • 1
    @Raynos: Where were browsers mentioned? RESTful web services are used by applications (sometimes written in JavaScript, but also written to run on desktops or smartphones.) Using raw SQL from an iPhone app through the internet to MySQL is trivial. It's directly supported out of the box. That's why the question is so confusing. – S.Lott Jun 24 '11 at 01:33
  • You should read this: http://blog.couchbase.com/whats-new-in-couchdb-1-0-part-4-securityn-stuff – back2dos Jun 23 '11 at 13:00

5 Answers5

4

You might like to read the write-up here.

The summary:

This was an experiment to see how easy it is to develop a simple Web site using CouchDB and (almost) nothing else. Ely Service is essentially a static Web site, and hence barely exploits any of the roaring power of CouchDB's B-Tree index or its distributed capabilities.

Peter K.
  • 3,828
  • 1
  • 23
  • 34
  • 3
    +1 for taking me to [couchapp](https://github.com/couchapp/couchapp). HTML5 + python support would have been exactly the things which I would have looked for after the database. – crodjer Jun 23 '11 at 13:39
4

it depends on how much you trust public users to CRUD all over your database objects. You still need an access API over your db to validate what operations are valid/permissible and which are not. That is why people create service tiers between clients and databases in the first place

now, i don't know CouchDB enough, but i don't think it takes into consideration such complex business permission logic by default. But even in that case, then the database is the web server too, you are just encoding the business logic differently

lurscher
  • 341
  • 3
  • 13
0

Even if you have a server layer to validate user read/write access to data, you would still risk someone manipulating your client side code in order to submit invalid data.

Any business constraint you may want to ensure should be validated server side. For example:

  • dates within valid ranges
  • valid names
  • block update to objects in a given state (like to avoid placing orders for items out of stock)
  • and any other business constraint you can think of.

All of these could be easily bypassed if you just have write permissions and all of your logic is client side.

Jbm
  • 417
  • 4
  • 6
0

I read this CouchDB guide

The Standalone Applications page says it all.

From the page:

Because design documents can be replicated, whole CouchApps are replicated. CouchApps can be updated via replication, but they are also easily “forked” by the users, who can alter the source code at will.

These application are infact already more popular than I thought.

Update

It seems that this guide can answer most of my doubts and questions. I didn't read it in the first place, assuming it will only be a reference for the api and how to use the database. But it provides a really good overview about the CouchDB project.

Community
  • 1
crodjer
  • 1,039
  • 1
  • 9
  • 10
0

So, you want to write client/server apps in HTML with some kind of JS framework? I guess that'd work, although I'm not sure I see the advantage over a simple web server. You've already got a server for the database, why not run Jetty or ligHTTPD to serve up some simple pages?

TMN
  • 11,313
  • 1
  • 21
  • 31