|
|
|
|
|
|
by captain-asshat
5286 days ago
|
|
|
This problem has already been solved; it's called OData (http://www.odata.org/). Personally, I've been using it with Microsoft's new Web Api to great benefit. It provides a very rich query API on top of basic http, and as you can see works naturally with REST services. I'm not aware of how other frameworks provide OData support, but some quick googling reveals that most web frameworks have odata libraries available. It's an incredibly bad idea to allow SQL directly, for obvious reasons (would require executing user provided SQL among other things.) I believe that having a single REST api that serves multiple front-ends (web, mobile, thick client etc) is the future as it removes the need to maintain an entirely different codebase just for a web interface. Indeed, many major websites have moved to this model. |
|
|
Could you elaborate on this? I've been thinking about providing SQL access to a data-heavy service, but I keep hearing that you never should.
(Almost) all servers have granular access-control, views can further provide limited views of the data, SQL itself is mostly declarative, which makes it possible to analyze the queries before running them, and logging and setting limits on long-running queries is standard.