1

I want to develop a C# web application that will allow customers to go online to view current inventory levels for a retail shop I have. The shop uses a POS system with a SQL Server backend.

The app would be hosted outside the firewall on a separate server. I'm wondering if it'd be more prudent from a security and/or performance prospective to create a local DB script that replicates the requisite data out to a separate DB (likely on the same server the app is hosted) refreshing every 10-20min or so, than to simply have the web app talk directly to the live POS database.

I can't afford to have the app impact the performance of the POS system in any way. The app connection would be read-only and limited to that sole inventory table, but even with pooling I'm unsure if a few hundred web users pinging the live DB would impart any latency or undesired effects.

RyanMac
  • 767
  • 1
  • 6
  • 18
  • That means the data users see can be 20 minutes old. If that's ok then the obvious answer is yes, go for it. – Tengiz Nov 26 '12 at 17:46

1 Answers1

2

If your web application is strictly read-only, then you can have perfect security by having the web application have only datareader permissions on your POS database - no replication or other complicated steps will be necessary.

As for performance - even a basic (Core i3, 5200rpm HDD, 2GB RAM) server can handle a few hundred simple SQL queries per second for a modestly-sized database. Considering how modern database servers cache a lot of data in RAM it means that read queries are amazingly cheap.

Dai
  • 141,631
  • 28
  • 261
  • 374