This event will start with a presentation on “Extensible database APIs and their role in software architecture”, centered around JavaScript. This will be followed by a hands-on interactive workshop. Participants with their own computers will learn how to create a small web application with a database backend, within the session, using only JavaScript. This will be a guided hands-on session using the multi-model NoSQL database ArangoDB and its Foxx JavaScript extension framework. Presenting this workshop will be Max Neunhöffer from https://www.arangodb.com/.
HTML Injection Attacks: Impact and Mitigation Strategies
Extensible Database APIs and their role in Software Architecture
1. Extensible Database APIs and
their role in Software
Architecture
Max Neunhöffer
Education Tech + Cold Beer (SF) 4 March 2015
www.arangodb.com
2. Typical structure of an application
Database ←→ App Server ←→ Browser
←→ Mobile App
(keeps state) (is stateless) (on user’s machine)
Communications flow:
data −→ create view −→ display view
persist ←− react ←− user action
complex queries
different views for different frontends
want to scale DB and app server separately
1
3. Agile development
Facts of life as a software developer/architect
Software grows, we release frequently and quickly, give
rapid feedback, one learns as one goes.
In the beginning . . .
the data schema is unclear
the scope of the app is unclear
the list of front end devices is unclear
protocols are not yet sorted out
performance bottlenecks are unknown
security requirements and problems are unclear
All these are good things!
2
4. Microservices
These days, everybody talks about microservices:
http://martinfowler.com/articles/microservices.html
Features of a microservice architecture
It is a “particular way of designing software app-
lications as suites of independently deployable
services.”
We cut the application into services,
built around business capabilities. They are
independently deployable (fully automatically!)
have well-defined interfaces (often via REST/HTTP),
and typically run in their own process.
3
5. Initial phase: hack away, rapid prototyping
Features:
focused on quick results
the database schema keeps changing
performance does not really matter
no security
the user interface undergoes many changes
often just a single target frontend
4
6. Consolidation phase
Features:
home in on protocols, stabilize them
schema stabilizes
maybe more devices and different front-ends
user interface is understood better
start to think about security
observe first performance problems
add unit tests
5
7. Polishing phase
Features:
quality becomes more important
security as well
we know, which front-ends must be supported
the protocols are fixed and documented
the schema is fixed, we want to enforce it
performance matters
6
8. The role of the Database
early late
schema:
flexible, quick results enforcement
protocol:
use standard API use specialized services
authorization:
does not matter matters greatly (want to be flexible)
security:
does not matter matters greatly (want to be hardened)
performance:
does not matter mission critical
(no real example data) (have a lot of data)
Conclusion: DB needs to change!
7
9. WANTED: (better alive than dead)
a smart database
that can be adapted over time
whose API is extensible
can run performance critical complex queries in the DB,
expose them as data-centric microservices via REST
has configurable consistency
has configurable security features
8
10. is a multi-model database (document store & graph database),
is open source and free (Apache 2 license),
offers convenient queries (via HTTP/REST and AQL),
including joins between different collections,
configurable consistency guarantees using transactions
is memory efficient by shape detection,
uses JavaScript throughout (Google’s V8 built into server),
API extensible by JS code in the Foxx Microservice Framework,
offers many drivers for a wide range of languages,
is easy to use with web front end and good documentation,
and enjoys good community as well as professional support.
9
11. Extensible through JavaScript and Foxx
The HTTP API of ArangoDB
can be extended by user-defined JavaScript code,
that is executed in the DB server for high performance.
This is formalised by the Foxx microservice framework,
which allows to implement complex, user-defined APIs with
direct access to the DB engine.
Very flexible and secure authentication schemes can be
implemented conveniently by the user in JavaScript.
Because JavaScript runs everywhere (in the DB server as well
as in the browser), one can use the same libraries in the
back-end and in the front-end.
=⇒ can implement your own data-centric microservices
10