Click here to Skip to main content
15,867,308 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
I designed a MSSQL database to be used by an application I developed with c#. Later a requirement came for me expose some data to another application developed by a different developer of another department. The application of that developer is web based. He requested I exposed the data via database views which I'm reluctant to do. The data exposed will be just for displaying on the web. Data may be sent back from the web app to the database which I intend to use views and or stored procedures to do that.
My questions are
1. Are my decisions right? - And why yes or no)
2. Is exposing the views and functions to him secured?
3. Do you suggest I design an API for that? ( Recommendations needed.)
4. How do I validate the data received from the web application?
Other suggestions are welcome.

What I have tried:

Still thinking of how to do that
Posted
Updated 31-Oct-16 0:53am

All valid questions, however, they can only be anwered by the Business needs and security policies and not really from a technical perspective. Hence we will not be able to answer this for you.

MS SQL can handle all the security needs you may come across with views to protect the data etc.

Hence you need to answer for yourself why you reluctant to do this from a security or business reason. The technical solution comes secondary on (or will depend on ) the business needs.

Validation means are many and varied from the WEB program itself to temporary storing data in transition tables for a seperate validation process.

Again it depends on your own situation and the needs.
 
Share this answer
 
Don't quite understand why you don't want to use a view. After all the view is originally designed to handle for example security questions. With a view you can control what rows and columns the using application can see or update. Also the user of the view does not need to have any access to the originating tables.

Then again if the queries are complex and you need to be able to update the data then a view may not be a good choice. A bit more complex query easily becomes non-updatable in the view. In such situation you can only run SELECT statements using the view. If this would be the case then stored procedures give you more flexibility what comes to data handling.
 
Share this answer
 
Comments
kwaku Emma 31-Oct-16 4:22am    
Thank you for that. I thought it wasn't proper to use views.
Wendelius 31-Oct-16 5:52am    
Is there any specific reason you had in mind? I'm asking this since the technology to choose always depends on the requirements.
You should probably not expose the database structure to another application - so no Views, no Tables etc.
If you do, you'll be tightly-coupling both applications - if th data structure changes for some reason, you'll likely break the other application.

Instead, consider exposing functionality via a WebAPI. hat way, if your applcation changes, you can compensate in the WebAPI & not break the other application.
 
Share this answer
 
Comments
F-ES Sitecore 31-Oct-16 7:16am    
You can use stored procedures to provide that level of abstraction without the considerable overhead of a webapi, in terms of both development and performance.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900