3

Should client applications be coded so that they connect to and retrieve data from the remote SQL database?

Based on my knowledge I would say that is extremely bad practice, and you should have a server application which handles all clients and acts as a central unit for retrieving data - is this right?

Are business information systems ever built without a server application to handle clients?

Sam

1 Answer

3

Depends what's meant by 'client applications'. Internal client applications within a business can often work well by interacting directly with a central database. Of course, certainly make them use read-only credentials unless they explicitly need to write.

An external client application is perhaps another question. If you're distributing, say, an iPhone app I would definitely write an API server to wrap common requests.

The extra layer of abstraction is usually helpful for more than security--consider scalability. What if suddenly you had orders of magnitude more client requests? It's much easier to add caching or other performance enhancements to an API service than to update each client. Much better to build an architecture that can be changed than to tie down to a direct implementation.

Chet
  • That makes sense! If you have a few spare minutes could you please advise me on the following system: – Sam Jun 28 '13 at 08:42
  • I am building a small business information system (10 clients max), however security is paramount. Would having a central server with the database on and simply building clients so that they directly retrieve the information be "secure" (assuming both parties are authenticated in some manner, maybe SSH?)? The current system they have actually runs the client applications on the server via remote desktop, seemingly with no abstraction, should I consider doing this? – Sam Jun 28 '13 at 08:48
  • FYI - I am a student and building this system for a charity for free (the benefit to me being the experience), just need some guidance XD – Sam Jun 28 '13 at 08:49
  • 1
    My experience with a scenario such as this is that clients should not be able to send SQL commands directly to the server. This is because client programmers are often lazy and have a habit of sending much too complex SQL statements because that reduces the amount of code they need to write for the client. The server is a limited resource but is seldom treated as such. Most of the time anyone can ask the server anything they want. The end result is that the server becomes over-burdened and cannot deliver what is expected of it. – Olof Forshell Apr 18 '14 at 20:15
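
An added example, not code from the question, the answer or the comments above: a minimal server-side layer that combines the answer's two points (read-only credentials, an API that wraps common requests) with the comment's point that clients should not send SQL themselves. The `donors` table, the operation names and the `DonorService` class are hypothetical, the data is constructed, and SQLite's `mode=ro` stands in for a read-only database account.

```python
import os
import sqlite3
import tempfile

def make_sample_db(path):
    """Constructed sample data; table and column names are hypothetical."""
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE donors (id INTEGER PRIMARY KEY, name TEXT, city TEXT)")
    con.executemany("INSERT INTO donors (name, city) VALUES (?, ?)",
                    [("Ada", "Leeds"), ("Ben", "York"), ("Cy", "Leeds")])
    con.commit()
    con.close()

class DonorService:
    """Server-side layer: clients name an operation, they never send SQL."""
    MAX_ROWS = 100  # cap result size so one request cannot swamp the server
    QUERIES = {     # the only statements the service will run, all parameterized
        "donor_by_id": "SELECT id, name, city FROM donors WHERE id = ? LIMIT ?",
        "donors_in_city": "SELECT id, name FROM donors WHERE city = ? ORDER BY id LIMIT ?",
    }

    def __init__(self, path):
        # mode=ro stands in for connecting with a read-only database account
        self.con = sqlite3.connect(f"file:{path}?mode=ro", uri=True)

    def call(self, operation, arg):
        sql = self.QUERIES.get(operation)
        if sql is None:
            raise PermissionError(f"operation not allowed: {operation!r}")
        return self.con.execute(sql, (arg, self.MAX_ROWS)).fetchall()

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "charity.db")
        make_sample_db(path)
        svc = DonorService(path)
        rows = svc.call("donors_in_city", "Leeds")
        try:  # a request that is not on the allow-list never reaches the database
            svc.call("run_sql", "SELECT * FROM donors")
            rejected = False
        except PermissionError:
            rejected = True
        try:  # even code inside the service cannot write through this connection
            svc.con.execute("DELETE FROM donors")
            write_blocked = False
        except sqlite3.OperationalError:
            write_blocked = True
        svc.con.close()
        return rows, rejected, write_blocked
```

Adding caching or changing the schema later touches only `DonorService`, which is the flexibility the answer describes; the clients keep calling the same operation names.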