Hello all, I've recently developed a simple library database system that allows users to access a database of library books, search them, check them out and more. I've also networked it so a user can access the database remotely with all the same functionalities.
So my question is this: What are the best practices for implementing a database and network in the same application? For example, should I access the database remotely from the client? Or should the client access the server and the server access the database via localhost?
I know this is a very very broad topic but I just want to get some ideas on how I could improve the application and implement the same practices in my next project.
If you have any articles or sites that relate to this, feel free to just post the link.
> should I access the database remotely from the client?
Let's call this design A.
> Or should the client access the server and the server access the database via localhost?
And let's call this design B.
Neither design is better than the other. Which one is more appropriate depends only on what you want to build on top of the database.
If the database will have only one client program (multiple instances of which may or may not run simultaneously), design A may be preferable because it's simpler. On the other hand, if the operations being performed by the service require large amounts of data and/or low latency with the database, but yield relatively small results (e.g. some kind of complex geographical query), design B would minimize network traffic and maximize performance.
If the database will have multiple different client programs (e.g. an in-browser application, a desktop application, and a mobile application) design B may make more sense to keep the business logic centralized in a single codebase.
Design B may also be desirable if you want to keep parts of your system secret, for whatever reason.
The best placement is to put the database servers in a trusted zone of their own.
They should allow inbound connections from the web servers only, and that should be enforced at a firewall and on the machines. Reality usually dictates a few more machines (db admin, etc.). Obey reality as needed, of course.
They should only be making outbound connections if you're updating software on them.
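An added example, not part of the thread: a small audit that checks logged connections against the placement rules in the answer above (inbound to the database only from the web servers plus a few admin machines, outbound only for software updates). The addresses, the PostgreSQL port 5432, SSH on port 22 for admin access, the internal update mirror and the one-line log format are all assumptions made for the illustration.

```python
import ipaddress
from typing import NamedTuple

# Assumed addressing for the illustration (constructed, not from the thread).
DB_HOST = ipaddress.ip_address("10.0.20.5")
DB_PORT = 5432                                        # assumed PostgreSQL listener
WEB_TIER = ipaddress.ip_network("10.0.10.0/24")       # web/application servers
ADMIN_HOSTS = {ipaddress.ip_address("10.0.30.7")}     # the "db admin, etc." exceptions
UPDATE_MIRRORS = {ipaddress.ip_address("10.0.40.2")}  # internal package mirror

class Flow(NamedTuple):
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    dport: int

def parse_flow(line: str) -> Flow:
    """Parse 'SRC_IP -> DST_IP:DPORT' (one new TCP connection per line)."""
    src, _, rest = line.partition("->")
    dst, _, dport = rest.strip().rpartition(":")
    return Flow(ipaddress.ip_address(src.strip()), ipaddress.ip_address(dst), int(dport))

def verdict(flow: Flow) -> str:
    """Return 'ok' or the reason the flow breaks the database-zone policy."""
    if flow.dst == DB_HOST:  # inbound to the database
        from_web = flow.src in WEB_TIER and flow.dport == DB_PORT
        from_admin = flow.src in ADMIN_HOSTS and flow.dport in (22, DB_PORT)
        return "ok" if from_web or from_admin else "inbound not from web tier or admin host"
    if flow.src == DB_HOST:  # outbound from the database
        updating = flow.dst in UPDATE_MIRRORS and flow.dport == 443
        return "ok" if updating else "outbound other than software updates"
    return "ok"  # flow does not involve the database host

def audit(lines):
    """Return (line, reason) for every flow that violates the policy."""
    checked = ((line, verdict(parse_flow(line))) for line in lines)
    return [(line, reason) for line, reason in checked if reason != "ok"]

SAMPLE_FLOWS = [  # constructed sample data
    "10.0.10.11 -> 10.0.20.5:5432",  # web server to database: allowed
    "10.0.30.7 -> 10.0.20.5:22",     # admin SSH: allowed exception
    "10.0.50.9 -> 10.0.20.5:5432",   # client desktop straight to the DB: violation
    "10.0.10.11 -> 10.0.20.5:22",    # web server to SSH on the DB host: violation
    "10.0.20.5 -> 10.0.40.2:443",    # DB fetching updates: allowed
    "10.0.20.5 -> 203.0.113.8:443",  # DB calling out elsewhere: violation
]

if __name__ == "__main__":
    for line, reason in audit(SAMPLE_FLOWS):
        print(f"VIOLATION {line}: {reason}")
```

Any finding here means either the firewall or the host-level filtering is looser than the stated policy, or the exception list needs a deliberate update.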