[ckan-dev] Started work on the 'webstore' (a datastore with web API)

Francis Irving francis at scraperwiki.com
Tue Jul 12 11:14:04 UTC 2011


On Thu, Jul 07, 2011 at 09:08:47PM +0200, Friedrich Lindenberg wrote:
> It's ugly. At the moment, the model is: you can run SQL on *your own*
> databases and since these are currently SQLite, isolation should not
> be a problem. SQL write is intentionally modelled as a PUT operation
> which puts a high cost on using it and might help to reduce the danger
> of simple CSRF. I'm really unsure we want SQL-executing JS apps at all
> - and if so, the SQL statements must be parsed or run on a read-only
> DB connection.

That's a bit timid!

Surely the whole benefit of using an SQL database is to allow arbitrary
SQL calls in URLs, and the ability to call them directly from
JavaScript?

We're just having a discussion here on whether design goals between
OKFN's webstore, and the ScraperWiki datastore are long term in common
enough that we should move to use the webstore, or not.

Francis
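
Added example, not part of the original message or of the webstore code: one way to run caller-supplied SQL on a read-only SQLite connection, as the quoted paragraph suggests. The function names and the items table are hypothetical and the sample data is constructed.

```python
import os
import sqlite3
import tempfile

# Only plain reads pass; writes, DDL, ATTACH and PRAGMA are all refused.
# SQL functions are refused too unless the set is extended on purpose.
ALLOWED = {sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ}

def _authorizer(action, arg1, arg2, db_name, source):
    return sqlite3.SQLITE_OK if action in ALLOWED else sqlite3.SQLITE_DENY

def open_readonly(path, with_authorizer=True):
    # mode=ro: SQLite itself rejects writes to this file, whatever the SQL says.
    conn = sqlite3.connect(f"file:{path}?mode=ro", uri=True)
    if with_authorizer:
        # mode=ro protects only this file, so also vet each statement's actions.
        conn.set_authorizer(_authorizer)
    return conn

def run_untrusted(conn, sql):
    """Run one caller-supplied statement; return ("ok", rows) or ("denied", error)."""
    try:
        return "ok", conn.execute(sql).fetchall()
    except sqlite3.Error as exc:
        return "denied", str(exc)

def make_sample_db():
    # Constructed sample data standing in for one user's database.
    path = os.path.join(tempfile.mkdtemp(), "user.db")
    rw = sqlite3.connect(path)
    rw.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)")
    rw.executemany("INSERT INTO items (name) VALUES (?)", [("a",), ("b",)])
    rw.commit()
    rw.close()
    return path

if __name__ == "__main__":
    conn = open_readonly(make_sample_db())
    for sql in ("SELECT name FROM items ORDER BY id",
                "INSERT INTO items (name) VALUES ('x')",
                "DROP TABLE items",
                "ATTACH DATABASE ':memory:' AS other"):
        print(sql, "->", run_untrusted(conn, sql))
```

The two layers are independent: with the authorizer switched off, the mode=ro connection still rejects the INSERT with a read-only error.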



