You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ofbiz.apache.org by Daniel Kunkel <Da...@BioWaves.com> on 2006/10/07 19:08:03 UTC
Dual Database Connections for Security and Performance
Hi
I was doing some research the other day, and heard a rather interesting
idea that has me wondering.
The suggestion was for all web applications to open two database
connections, one as read-only, and one with all the normal permissions.
The reader was purported to be faster as well as being automatically
protected from all sql injections because of its limited read-only
privileges.
In addition, this reader could be later assigned to a replicated read
only database in clustered applications which would greatly improve
overall performance.
I don't know which connection would be better to use with transactional
queries.
A link that discusses the small performance improvement in a non-
replicated situation that was observed in an Oracle database.
http://www.dba-
oracle.com/oracle_tips_read_only_tablespace_performance.htm
Is this a worthwhile idea?
Thanks
--
Daniel
*-.,,.-*"*-.,,.-*"*-.,,.-*"*-.,,.-*"*-.,,.-*"*-.,,.-*"*-.,,.-*"*-
Have a GREAT Day!
Daniel Kunkel DanielKunkel@BioWaves.com
BioWaves, LLC http://www.BioWaves.com
14150 NE 20th St. Suite F1
Bellevue, WA 98007
800-734-3588 425-895-0050
http://www.Apartment-Pets.com http://www.SatelliteRadioZone.com
http://www.Cards-Visa.com http://www.ColorGlasses.com
*-.,,.-*"*-.,,.-*"*-.,,.-*"*-.,,.-*"*-.,,.-*"*-.,,.-*"*-.,,.-*"*-
Re: Dual Database Connections for Security and Performance
Posted by BJ Freeman <bj...@free-man.net>.
this would be a individual setup.
I don't believe every DB have all these capabilities.
Also since most transaction require r/w only views could be used in read
only. this means changing a lot of code, I think.
Daniel Kunkel sent the following on 10/7/2006 10:08 AM:
> Hi
>
> I was doing some research the other day, and heard a rather interesting
> idea that has me wondering.
>
> The suggestion was for all web applications to open two database
> connections, one as read-only, and one with all the normal permissions.
>
> The reader was purported to be faster as well as being automatically
> protected from all sql injections because of its limited read-only
> privileges.
>
> In addition, this reader could be later assigned to a replicated read
> only database in clustered applications which would greatly improve
> overall performance.
>
> I don't know which connection would be better to use with transactional
> queries.
>
> A link that discusses the small performance improvement in a non-
> replicated situation that was observed in an Oracle database.
>
> http://www.dba-
> oracle.com/oracle_tips_read_only_tablespace_performance.htm
>
> Is this a worthwhile idea?
>
> Thanks
>