Hi,
Le 09/08/2013 23:37, Dragan Espenschied a écrit :
Putting base64 encoded strings into a database makes no sense, because you can't
use most of the db's functions on the actual user input then.
several month ago, I wrote a small webservice (.py of course) that gets
all its input in json/base64. To achieve this task, I used postgresql's
base64 native decoding routines to fill temporary tables with freshly
decoded data, then validated all the data with constraints and insert it
in the main database when all the data is pre-validated.
To be honest, getting all the data in temporary schemas is not to do
with a small conventional database but in my case I made all my
validation in small temporary schemas dedicated for every sessions
web.py handles where all the possible data validation is done before the
final insert. The cost of base64 decoding on user input compared to the
cost of a constraint on a million lines tables is not exactly balanced !
I got a huge performance improvement and a new way to manage my web
trafic with multidimensionnal data quickly readable with jpivot and
other tools of datamining. Thanks to temporary schemas, all the indexes
are dedicated for read. Plus, postgresql is vastly scalable !
The idea to get to an efficient base64 decoding with the sgbd is to use
the most native functions to decode the string nearest to the end of the
road, you see what I mean ?
With postgres, using a strategy like this one offers good options:
db.execute('insert into table (blabla) values
(convert_from(decode(%s,'base64'), 'UTF-8'));', (b64encode(myvalue),))
The b64 data is unpacked directly inside the database and cannot be
escape by any kind of data. Even binary data becomes trivial (but fairly
bigger !).
Does a small patch brewing base64 automation for db inserts interests
someone ? I think I have that somewhere, that would cost almost nothing
to me to rewrite it in web.py's db component. My python skills are not
better than my english, I hope there won't be much rewriting to get
something in good shape. :-$
By the way, folks, have a good day !
Christophe NINUCCI.
--
You received this message because you are subscribed to the Google Groups
"web.py" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/webpy.
For more options, visit https://groups.google.com/groups/opt_out.
