Re: Viable alternatives to SQL?

From: Merlin Moncure <mmoncure(at)gmail(dot)com>
To: Kelly Jones <kelly(dot)terry(dot)jones(at)gmail(dot)com>
Cc: pgsql-general(at)postgresql(dot)org
Subject: Re: Viable alternatives to SQL?
Date: 2009-08-28 00:01:54
Message-ID: b42b73150908271701l9c50006uf9ff17a1fd36955e@mail.gmail.com
Lists: pgsql-general

On Thu, Aug 27, 2009 at 9:43 AM, Kelly Jones<kelly(dot)terry(dot)jones(at)gmail(dot)com> wrote:
> Many sites let you search databases of information, but the search
> queries are very limited.
>
> I'm creating a site that'll allow arbitrary SQL queries to my data (I
> realize I'll need to handle injection attacks).
>
> Are there other viable ways to query data? I read a little on
> "Business System 12" (BS12), Tutorial D, and even something called
> T-SQL (I think), but they all seem theoretical and not fully
> implemented.
>
> I want a query language that non-techies can use easily, but also
> supports arbitrarily complex queries. Does such a language exist?

SQL is your best bet. It is probably the most natural language for
non-programmers to learn and understand. It scales in difficulty with
the problem you are trying to solve and is _much_ easier for a
non-technical user than something like an ORM. That said, if your site
allows arbitrary queries, SQL injection is not your only problem. It
is trivially easy to write a query that can DOS your server (with SQL
access I could take any PostgreSQL server down in about 1
second)... so you need to think about exactly who you are going
to allow access to your database and how they can access it.

merlin
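
One way to scope the database access the reply above calls for, as an added example that is not part of the original message: a dedicated PostgreSQL role for the public query interface. The role, database, schema and table names (webquery, appdb, reports, sales_summary) are hypothetical, and the limits are illustrative values.

```sql
-- Added example; all object names are hypothetical. Run as a superuser
-- connected to the database the site will query (here called appdb).

-- Dedicated login role with no elevated attributes and a hard cap on
-- concurrent sessions, so one client cannot exhaust max_connections.
CREATE ROLE webquery LOGIN
    NOSUPERUSER NOCREATEDB NOCREATEROLE
    CONNECTION LIMIT 5
    PASSWORD 'change-me';          -- placeholder, replace before use

-- Session defaults for this role. These parameters are user-settable, so
-- a client that can send arbitrary SQL can change them with SET. Treat
-- them as a safety net and have the front end set them again for every
-- request; the real boundary is the privileges granted below.
ALTER ROLE webquery SET statement_timeout = '5s';
ALTER ROLE webquery SET default_transaction_read_only = on;
ALTER ROLE webquery SET work_mem = '4MB';

-- Roles inherit these two privileges through PUBLIC by default. Temp
-- tables are allowed even in read-only transactions, so revoke them too.
-- Other roles that need temp tables must then be granted TEMPORARY.
REVOKE TEMPORARY ON DATABASE appdb FROM PUBLIC;
REVOKE CREATE ON SCHEMA public FROM PUBLIC;

-- Expose only the data meant to be searched, in its own schema.
CREATE SCHEMA reports;
CREATE TABLE reports.sales_summary (
    region text    NOT NULL,
    total  numeric NOT NULL
);
INSERT INTO reports.sales_summary VALUES ('north', 1200), ('south', 950);  -- constructed sample rows

GRANT USAGE  ON SCHEMA reports TO webquery;
GRANT SELECT ON reports.sales_summary TO webquery;

-- Check, connected as webquery:
--   SHOW statement_timeout;                       -- 5s
--   SELECT region, total FROM reports.sales_summary;
--   INSERT INTO reports.sales_summary VALUES ('east', 1);
--     fails: read-only transaction by default, and permission denied
--     even if the session turns the read-only default off
```

The timeout bounds how long a single statement can run, and the connection limit bounds how many can run at once; neither prevents a short burst of expensive queries, so request rate limiting still belongs in the front end.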
