[wdmmg-dev] [ckan-dev] Started work on the 'webstore' (a datastore with web API)
Friedrich Lindenberg
friedrich.lindenberg at okfn.org
Mon Jul 18 11:59:51 UTC 2011
Hi,
it seems that David has completed a working prototype [1] of the
postgres-based version of this but I'm still torn over the pros and
cons.
On Sun, Jul 17, 2011 at 1:01 PM, Nick Stenning <nick at whiteink.com> wrote:
> I agree that hacking together some combination of sqla and pysqlite is
> probably not a good solution. However, I'm really strongly in favour of
> keeping sqlite as the backend if at all possible, partially for personal
> reasons (I do almost all my data hacking with sqlite databases and would
> love to be able to upload them direct to webstore) but mainly for reasons of
> isolation.
I also like sqlite as a backend since it reduces the whole system to
"just a bunch of files", which I find very convenient. On the other
hand, the schema isolation, threading issues and even performance
might speak for psql.
> (i.e. users could do SELECT * FROM cra.cra2010 cra JOIN
> "openspending.cofog".cofog cofog1 ON cra.cofog1_id = cofog1.id)
>
> Are you suggesting here that people would be able to SELECT across different
> webstore databases? If so, I'm strongly in opposition to this idea. I
> recognise the elegance in principle, but in practice I think evidence is the
> supposed reuse of data doesn't work ... And I think OpenSpending can testify
> to that. We should prevent users from building queries that rely on *other
> people's schemas*.
Probably true, this is prone to fail. The current implementation does
not allow this, btw.
> So, having told you what I'm not in favour of, here's another suggestion:
> There's one very easy way of ensuring read-only queries against an SQLite
> databases, and that's to connect to them as a unix user with read-only
> permissions. We can then (presumably) catch any errors that arise as a
> result of trying to run read-write queries against them and present a nicer
> error message to the user.
The problem with this is again architectural: flask runs things in a
multi-threaded WSGI pipeline, so you don't have the classical CGI
option of just becoming "nobody" for the time of a request. But maybe
I'm missing something here?
> I'm thinking that maybe webstore could spawn a process as a different user,
> dependent on the authz status of the user making the API request? One user
> has RW access to the db, one has RO.
Do you mean a secondary background daemon or just shelling out to
something? That would be overdoing it IMO, then I'd prefer PSQL.
> There's also some discussion about ensuring that only RO transactions are
> happening at a higher level by monkeypatching sqla
> here: http://www.mail-archive.com/sqlalchemy@googlegroups.com/msg21801.html
> What are your thoughts?
> N
- Friedrich
[1] https://github.com/okfn/webstore/commit/b50b8ab125fb846c01e8c8a13186665bbd539dc3
--
Open Knowledge Foundation
Promoting Open Knowledge in a Digital Age
http://www.okfn.org/ - http://blog.okfn.org/
http://twitter.com/pudo
http://pudo.org
More information about the openspending-dev
mailing list