* On Thu, Mar 19 2009, Adam Witney wrote: > Hi Bill, > > This is using PostgreSQL. The other apps are fat clients that can pull > data from external sources, it was therefore necessary to have the > security levels built into the database.
Actually, there is really no reason to rely on the database for this. You can always put some sort of app in front of the database that does this. In the case of a fat client and a Catalyst app, the design would be something like this. You write a library that handles users, access levels, and so on. Then, you write a thin RPC server that sits between the database and fat client that uses this library to control access to the database. You speak SQL between the RPC server and the database, and something else between the fat client and the RPC server. (This is preferable to talking directly to the database for a number of reasons -- you can change the structure of the database, add transparent caching, and so on without the fat client ever knowing.) For the Cat app, you do the same thing -- when talking to the database, use the library that the RPC server uses, or just use the RPC server. (Both approaches have advantages.) There is a little bit more code to write, but you increase the flexibility of the system. All your rules are now written in easily-testable Perl instead of some variant of SQL. You can change the backend, and the frontend won't care. You can add caching, you can add your own master/slave replication, whatever -- everything is abstracted. Loose coupling is good! Tight coupling is bad! Anyway, there is no reason to throw away good software engineering principles simply because someone mentioned the word "database". Using the database for anything other than storing and querying data is a waste of effort. It's like writing all your software in CPU microcode, simply because it's the lowest level possible. You *can* do this, but why not use something higher-level? Everything is easier that way. Regards, Jonathan Rockway -- print just => another => perl => hacker => if $,=$" _______________________________________________ List: [email protected] Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/[email protected]/ Dev site: http://dev.catalyst.perl.org/
