Hi Kee,
I am aware of Rev having XML capabilities, but because of a whole bunch
of SQL requirements I have kept it in the back of my mind for future
investigation.
I will have to look at the Solaris 10 environment and see what will run
on a single server with our PostgreSQL database. I am guessing that
Apache will run, and probably PHP (as per Dan's recommendation). I will
look into it further.
Thanks
John T
kee nethery wrote:
I'd suggest a standard HTTPS connection and just pass it XML as part
of a POST. Simple, easy to troubleshoot with a browser. SOAP is a
complication and there is really no need for it.
Your project sounds like fun.
Kee
On Jul 13, 2006, at 5:34 PM, John Tregea wrote:
Thanks Kee,
While the database structure is complete, the front end is not, (that
is why I am evaluating Rev), I believe python is a good tool to
connect to the database, but not sure if it is used by any other
Revolutionaries or if anyone can say what has worked well for them? I
believe SOAP is used by some as well?
Regards
John T
kee nethery wrote:
If I were you ... starting from the database working outward:
Build a CGI that talks to your database. Host that CGI on your
servers. Give it the ability to access your database with a username
and password that only it knows and give it the ability to execute
any SQL that makes sense.
Have your app talk to the CGI. Have it log in either with a stored
password in the app or have the user enter a password that you give
to them, or both.
Have your app only send requests for SQL to be run. Don't send the
SQL, send the name of the SQL and the parameters. For example:
SelectGameScores
Team = Dallas
Year = 2006
That gets converted in the CGI into
SQL = "select date,teamA,teamB,scoreA,scoreB from teamScores where
date >= 'Jan 1, {year}' and date <= 'Dec 31, {year}' and (teamA =
'{team}' or teamB = '{team}')"
SQL submitted = "select date,teamA,teamB,scoreA,scoreB from
teamScores where date >= 'Jan 1, 2006' and date <= 'Dec 31, 2006'
and (teamA = 'Dallas' or teamB = 'Dallas')"
Just make sure you do some validation in the CGI on the parameters
that come in to prevent SQL injection.
If you do this, it doesn't matter if they can get direct access to
your CGI, they can only run the SQL you have predefined.
Kee Nethery
_______________________________________________
use-revolution mailing list
[email protected]
Please visit this url to subscribe, unsubscribe and manage your
subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-revolution
_______________________________________________
use-revolution mailing list
[email protected]
Please visit this url to subscribe, unsubscribe and manage your
subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-revolution
_______________________________________________
use-revolution mailing list
[email protected]
Please visit this url to subscribe, unsubscribe and manage your
subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-revolution
_______________________________________________
use-revolution mailing list
[email protected]
Please visit this url to subscribe, unsubscribe and manage your subscription
preferences:
http://lists.runrev.com/mailman/listinfo/use-revolution
