[ckan-dev] Started work on the 'webstore' (a datastore with web API)

Tue Jul 12 11:38:43 UTC 2011

Hi Francis,

its exciting to hear you're considering webstore as one alternative
for ScraperWikis backend store. This kind of sharing was the original
intention behind the project and I have a bad conscience for dropping
the RPC API you guys had in the original webstore. It could, however,
be added on as an option.

On Tue, Jul 12, 2011 at 1:14 PM, Francis Irving <francis at scraperwiki.com> wrote:
> On Thu, Jul 07, 2011 at 09:08:47PM +0200, Friedrich Lindenberg wrote:
>> Its ugly. At the moment, the model is: you can run SQL on *your own*
>> databases and since these are currently SQLite, isolation should not
>> be a problem. SQL write is intentionally modelled as a PUT operation
>> which puts a high cost on using it and might help to reduce the danger
>> of simple CSRF. I'm really unsure we want SQL-executing JS apps at all
>> - and if so, the SQL statements must be parsed or run on a read-only
>> DB connection.
>
> That's a bit timid!
>
> Surely the whole benefit of using an SQL database is to allow arbitary
> SQL calls in URLs, and the ability to call them directly from
> Javascript?

Ok, if thats a strong use case for you, we should pursue it! I just
noticed we didn't actually need it for the scenarios I have, but that
may have been naive. Since I wrote this message, webstore has received
some authorization features that could be used to open a DB either RW
or RO depending on who is accessing it - thus enabling us to do safe
queries.

> We're just having a discussion here on whether design goals between
> OKFN's webstore, and the ScraperWiki datastore are long term in common
> enough that we should move to use the webstore, or not.

I think this would be fantastic, let's find out how it can be done!

- Friedrich

-- 
Open Knowledge Foundation
Promoting Open Knowledge in a Digital Age
http://www.okfn.org/ - http://blog.okfn.org/

http://twitter.com/pudo
http://pudo.org