2

i am going to develop cloud based application in java, i have Linux web server with mysql installed

so i come up with 2 different ways to query database, both solutions are communicate trough http requests and both methods have their own advantages and disadvantages

i am using below example for demonstrate solutions

database on the server 

-- fruit--
name    price
Apple     10
Banana     5
Mango      4

lets say i want to get all the fruit items from database

Solution 1 : write database access class using PHP in Server side and let java application send query via http requst
ex:- java application will send query SELECT * FROM fruit then server side PHP will return query result as `JSON' format

-this is super reusable and can use for any future cloud database access and it is clean code because all the implementations are don in JAVA side except database access

Solution 2 : Write both Fruit class and database classes in server side and let JAVA application to call server side functions via http requests
its like getAllFruits()

-in this way i have to implement all the DAO classes in server side and it is more coding,less re usability in another project also since DAO is implemented in PHP side maintenance effort is higher than solution 1

i think Solution 1 is the best because of re usability and simplicity, i am afraid that database query will be sent via http request which is not feel good for me, so i really appreciate your ideas and comments since i am new to this kind of applications, if you have any other solutions or Advantages and disadvantages i am also open for those

also i was wondering about how other companies implement it

Jay Blanchard
  • 34,243
  • 16
  • 77
  • 119
nicole ino
  • 33
  • 1
  • 9
  • 1
    Many good questions generate some degree of opinion based on expert experience, but answers to this question will tend to be almost entirely based on opinions, rather than facts, references, or specific expertise. I would suggest that you find a development forum (perhaps [reddit](https://www.reddit.com/)?) to work out generalities. Then, when you have specific coding issues, come back to StackOverflow and we'll be glad to help. – Jay Blanchard Jun 02 '15 at 12:22
  • 1
    The first solution is fine, which is what most companies do, i.e have an API server where you can do your CRUD calls. – Mysteryos Jun 02 '15 at 12:25
  • 1
    I flagged this because i think it is opinion based – Coding Enthusiast Jun 02 '15 at 12:26
  • 2
    I agree with Jay, that even this is a legit and good question in itself, SO is not the right place for asking it. Just whatever you do, make sure you don't go with Solution 1. While it is definitely easier to implement, I strongly advise against it. Even if you would run everything over https (rather than http), you're still exposing your database to the web. Anyone, who would reverse-engineer your Java application or analyze traffic coming out of it, would be able to execute ANY query, including dropping your whole database. – martynasma Jun 02 '15 at 12:27
  • @martynasma thanks for your comment, i know that is exposing database to the public web, but i am planing to authenticate requests before processing, so every request will include password for data access, so query will execute only if password matches, so what do you think? is it still unsecured ? – nicole ino Jun 02 '15 at 12:41
  • It is. How do you know your authenticated user won't send malicious SQL queries? – martynasma Jun 02 '15 at 12:46
  • Off-topic indeed, but a nice short answer has been provided earlier: [Best way to access a remote database: via webservice or direct DB-access?](http://stackoverflow.com/questions/5689539/best-way-to-access-a-remote-database-via-webservice-or-direct-db-access) – RandomSeed Jun 02 '15 at 13:36

0 Answers0