Tzahi Fadida wrote: > I am interested to know if SQLAlchemy is considered production ready, > at least the ORM and the basic CRUD SQL queries areas and transactions. > (and the connection to PostgreSQL). > Well, at least compared to SQLObject. > Obviously SQLAlchemy is more powerful but sometimes you have to sacrifice > features for stability.
I would be wary of using SQLObject in production because of its non-use of bind variables, and thus its potential vulnerability (and, in the case of PostgreSQL with unicode strings which can be passed in unfiltered from untrusted sources, actual vulnerability) to SQL injection attacks. Additionally, there is a rather massive performance impact on account of this same decision -- I've seen Oracle logs indicating that 50% of the time spent by the database was soft parse time, which would have been one-time-only per query (as opposed to per instance of a given query) otherwise -- and other issues as well (the same Oracle-based app occasionally generated query strings over Oracle's length limit, causing crashes which never would have occurred had the database access layer been written by someone with clue). There *have* been bugs fixed in SQLAlchemy, while I've been watching it, which would give me pause in going to production (the Queue locking issue comes to mind) -- but since there are folks in production with it already finding those bugs, they're not such a risk as would be the case otherwise. My inclination (and decision with regard to my own app): Take SQLAlchemy to production, but load-test first to try to flush out bugs related to locking, threading, &c. Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ Sqlalchemy-users mailing list Sqlalchemy-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/sqlalchemy-users
