

Ask HN: Direct DB connections vs a web interface - throwaway1964

We've developed an app (in C/C++ for specialized non-mainstream devices) and we're going to be moving a lot of data to/from the cloud. We have a SQL server hosting our relational database but are considering talking to this database through a web service. What are the pros/cons of this way of doing things?
======
teyc
One of the problems you will encounter is that web apps don't usually log in
as separate database users. Rather, all security is held in the business logic
in the web app. How are you going to prevent users from accessing data that
they don't have permission to.

In addition, you need to prevent users from updating data without permission,
or breaking your database consistency.

Usually, it is safer to put the db access code as business logic on the server
instead of the client. It is roughly the same amount of code, but you don't
have to worry about out of date clients etc.

~~~
throwaway1964
By design, the web service will limit what can be read from/written to the
database instead of allowing the clients to run all sorts of database queries.

~~~
teyc
Sorry. I misread your intent. What type of "direct db connection" were you
considering then?

~~~
throwaway1964
Your points made sense, only that I was clarifying that the web service does
indeed restrict what the client can/cannot do to the database i.e I'm
considering having the clients just make calls to the web service which in
turn does the SQL queries vs the clients having credentials for logging into
the SQL server and actually running SQL queries.

------
petervandijck
(if it applies) you can use a lot of web scaling tricks with a web interface
that wouldn't necessarily work connecting directly to a db (ie. put memcached
on it, etc.)

~~~
throwaway1964
Thanks for your input. I'm in favor of the web interface mainly because of
this very reason. We're not at the point where this is needed but will soon.

