I've got a question related to oracle database and working with an API/web service to extract data from said database for use.
My experience in the area is limited so I'm hoping for some discussion here about it. My goal is to create a web service that has several fields and the should all fields submitted match an entry in the database, the program should return something positive, lets just say "true". If false, it will identify that there is a problem with the input.
My understanding right now is I can first use an API to expose the data, which I can then manipulate and query-check with a web service? Correct me if I am wrong with this general/overall plan. Moving on from this, if anyone have any relevant advice or programs that might prove to be useful here, but the main goal of posting this is to get a high-level understanding of the process.
Also, the plan is to use REST/JSON services here. Thanks all.
I am also not very skilled yet but if I correctly understand your question the answer could be ORDS
I found many essential informations here
With ORDS is possible to POST a request associated with a store procedure that do all the validations that the client can't do.
Related
I am working on a project and one of the key components is creating customized user profiles. I already have a schema design for the user data that will generate said profile. But I am lost on how the technology works.
I am mostly front-end so it has been sort of overwhelming. The goal is to allow multiple user profile creations and so far I have only seen that this can be achievable via NodeJs or PHP. I have not found any guides.
I am not sure if I am asking the right questions.
Any help is appreciated. Thank you.
Since you mention you already have schema for the user table, I assume you are going to design your own database and backend node.js API to handle user profiles. You may want to build authentication functionalities in the future. If you are not familiar with Node.js yet, I recommend you to start with https://www.tutorialspoint.com/nodejs/index.htm. It's a good tutorial for beginners.
The whole purpose of a back-end node.js API is building numbers of service with specified route. Once a http request is made to a particular path, it takes parameters and execute some script. In you case the scripts will do something in database containing user profile data, for example, add a row in your data table. This operation is equivalent to creating a new user. Then, the API send response to front-end.
Keep in mind maintaining user profile data is nothing special than regular data. You should be able to pick it up with a couple of days training if you know javascriopt. But if you have to build authentication functionality you need more technologies.
I am very new to database design and structuring - I have had no formal training and am purely self taught so I apologize in advance if this is a bland question.
I am designing a web app and am thinking to the future as users will have to be able to interact with each other sharing part of their data. I am wondering if there is a standard convention to controlling access to tables in MySQL and how I should generally tackle this problem with code written in NodeJS, ExpressJS, KnexJS, and BookshelfJS.
For example: a user will be matched with another user, both users will be able to see location, favourite book, etc but not able to see last name, birth date. etc.
How do I control this?
If anyone could point me to a few resources they have found helpful that would be great as well.
You seem to have learned a bit of MySQL and its access control features. Well, database user level access control IS NOT used by modern applications -- that could make resource management, like connection pools, very hard to implement. Usually SQL databases backing web applications have a single or, at most, two users: one for general data access and one for admin purposes.
The kind of access control you mentioned MUST be handled by your application code, YOUR code. There are libraries that help take care of authentication (e.g. passport) and authorization but ultimately it is YOUR CODE responsibility.
So my answer to your "How do I control this?" question is:
With YOUR code.
This is the whole point of Software Development.
I'm new to webdev and I'm trying to use passport for registration/authentication on a site I'm setting up. I'm also going to write an application in node later on that will be using some of the user data (users will need to provide an API key for an account on another site that I will use to pull data into the application).
At the moment, the main issue I'm having is figuring out what goes where. I've found plenty of resources that explain how to create an app using passport, but nothing shows how it would be incorporated into your website or where the files should be in relation to your website. I'm relatively new to Node.js, and while I've written a few small applications I have never hosted them anywhere.
Bonus question: I'm using MongoDB with passport and I was also planning to use it to store some JSON my application will be receiving from API calls. However, I wanted to use MySQL to store some data as well. More specifically, I'm planning to save the raw JSON then I'll create a relational database out of the data I need from the JSON and then keep the rest in MongoDB for easy access. Is this common/smart, or should I focus on keeping everything in my MongoDB? I'm relatively new to NoSQL.
Thanks in advance for any help.
I would reference this tutorial. I just recently used this to help myself with a new application. Also there is an example of the same thing but in SQL here. So not sure what you mean by " where the files should be in relation to your website". The information related to to authentication should go in your database.
To your "bonus question" you can use two databases. The key here is to ask yourself why and what are the true needs for data, and how is this data accessed and used. From ground up I would like one and stick with it. If at some point later you realize a certain type of data would be better in a different database then you can add it.
Side note: look into an IDE such as webstorm to help you out.
At the moment I am working on a CRUD app that I am going to deploy (someday) and use for my own startup company. However I am nowhere near finishing this product and I stumbled upon a question that I can't seem to figure out.
I am using Express to serve angular the data out of my MySQL database. To do this I had to create '/api/' routes. However if I go (for example) to '/api/clients' I will be able to see the entire list of clients in an ugly array. In this case that does not really matter since it's just the data they were able to see anyways.
However my question is, is it important to block these kind of routes from users? Will problems arise when a user goes to 'api/createClient'? Could this result in a DB injection that could ruin my db?
My project can be found here: https://github.com/mickvanhulst/BeheerdersOmgevingSA
The server-side routing code can be found: server > Dao > clientDao.js
Controllers, HTML & client-side routing can be found in the 'public' folder.
I hope my question is clear enough and someone will be able to answer my question. If not, please state why the question is not clear and I will try to clarify.
Thanks!
Looking at the code, it looks like your URLs can directly be accessed using browser and if yes, then this does pose a security concern.
Doing DB transaction with the user provided fields or values is major security concern, if these data are not validated and sanitised before making a database call.
I would recommend following minimum steps to follow before crafting APIs which is internal but can be accessed using browser -
If this is internal, then do not provide HEADER ACCESS CONTROL from the server or keep it confined only to your domain name. This prevents any ajax call to be made to your APIs from another domains.
Do sanitise and validate all the data thoroughly before doing any kind of database transactions. There are lots of material on this everywhere on how to do it.
If these APIs are meant to be used for internal purpose, then kindly provide some kind of authentication to your APIs before doing the logical work in your routes with the help of middle-wares. You can leverage cookie authentication for very simple API authentication management. You can also use JSON Web Tokens, if you want a more levels of security.
If you are manipulating your databases then I would highly recommend to use some kind of authentication in your APIs. Ofcourse, point number 2 is must.
I am developing social networking website now a days. for that I am using MySql
as my primary database and neo4j as in-memory database. I am using node.js and
(for neo4j)
too.
Now I have a some doubt regarding data modelling for neo4j. I want to give some feathers
to my users like friends suggession, mutual contacts and searching. This all stuff I have
implimented with My-Sql. But due to some performance issue, I would like to store
friends and it's relations related data in to neo4j.
For that I have stored my User's nessessory information into neo4j as node.
I have already primary key in mysql database. and here neo4j also have it's own id system.
So how can I bind this both ids togather.
I have read this blog (https://github.com/aseemk/node-neo4j-template/blob/master/models/user.js)
and trying to do as he mentioned in his blog.
Second thing is How to give suggession list to my user from neo4j database.
Right now I am giving UserName with his/her Image and mutual friends count (with login user)
and city in suggession list. I don't understand How I do this with neo4j within node.js?
I have read many blogs and watched many videos over internet. but still I am not getting any idea to do this work.
Can some one help me or can suggest me to where can I get proper information regarding this? I am very much confused and frustrated, and not getting any clue to achive my task.
Sorry for my bed English.
For your first question, take a look at http://blog.neo4j.org/2013/04/data-migration-between-mysql-and-neo4j.html and see if you could apply similar principles.
To send back suggestions based on your Neo4j model, you could consider exposing a REST api for example, which basically operates over your graph database by querying/collecting information and then returning it. Your application then just talks to the API rather than deal with two underlying stores.
As you've already figured out, the driver for Node.js is https://github.com/thingdom/node-neo4j and you can use that to talk to Neo4j.
Perhaps you could provide more details on what exactly you're stuck with?