Recently I have been developing a system to run a high secured database (using vb.net and SQL Server 2005). I want to increase the security of the database so no connection will be made directly to the database but instead a HttpWebRequest
is sent to a web service which then connects to the database and returns the requested data table in XML format.
最近我一直在开发一个运行高安全数据库的系统(使用vb.net和SQL Server 2005)。我想增加数据库的安全性,因此不会直接与数据库建立连接,而是将HttpWebRequest发送到Web服务,然后Web服务连接到数据库并以XML格式返回请求的数据表。
My concern is just about the performance, I can not decide either to let clients connect directly to the database or let the connection go through the web service.
我关心的只是性能,我不能决定让客户端直接连接到数据库,还是让连接通过Web服务。
I can make the connection go directly to the database for many reasons, let say that connection is through the service:
我可以将连接直接转到数据库有很多原因,假设连接是通过服务:
- Will it give me a better performance?
- 它会给我一个更好的表现吗?
- Will the size of retrieved data will be larger than the regular response of the SQL Server?
- 检索到的数据的大小是否会大于SQL Server的常规响应?
Any ideas about this will help a lot, thanks in advance.
任何有关这方面的想法都会有所帮助,在此先感谢您。
2 个解决方案
#1
0
1) Through the WebService, it will not give you a better performance, since it's adding a layer of code between your client and the database.
1)通过WebService,它不会给你更好的性能,因为它在你的客户端和数据库之间添加了一层代码。
2) Since webservices use an envelope and a header, my best guess would be that the data is bigger. Unless you have large sets of data, it shouldn't hurt your performance too much.
2)由于webservices使用信封和标题,我最好的猜测是数据更大。除非您拥有大量数据,否则不会对您的性能造成太大影响。
Nevertheless, I would still use a WebService, to avoid exposing my database directly to the internet, thus limiting security breaches. Also, using a webservice allows you to write your security rules in it, and discard possible code injection and other security threats before it can reach your database.
尽管如此,我仍然会使用WebService,以避免将我的数据库直接暴露给互联网,从而限制了安全漏洞。此外,使用Web服务允许您在其中编写安全规则,并在可以访问数据库之前丢弃可能的代码注入和其他安全威胁。
#2
0
Using web service is a best choice but this need to be used wisely. You cannot just have a web service and start downloading data through it. A bad design/architecture may hit performance as well as security.
使用Web服务是最佳选择,但需要明智地使用它。您不仅可以拥有Web服务并开始通过它下载数据。糟糕的设计/架构可能会影响性能和安全性。
If you can share some more details about your scenario, i.e., number of clients that can connect to web service, frequency of connections, volume of data, then i can suggest you some architecture.
如果您可以分享有关您的方案的更多详细信息,即可以连接到Web服务的客户端数量,连接频率,数据量,那么我可以建议您使用一些架构。
#1
0
1) Through the WebService, it will not give you a better performance, since it's adding a layer of code between your client and the database.
1)通过WebService,它不会给你更好的性能,因为它在你的客户端和数据库之间添加了一层代码。
2) Since webservices use an envelope and a header, my best guess would be that the data is bigger. Unless you have large sets of data, it shouldn't hurt your performance too much.
2)由于webservices使用信封和标题,我最好的猜测是数据更大。除非您拥有大量数据,否则不会对您的性能造成太大影响。
Nevertheless, I would still use a WebService, to avoid exposing my database directly to the internet, thus limiting security breaches. Also, using a webservice allows you to write your security rules in it, and discard possible code injection and other security threats before it can reach your database.
尽管如此,我仍然会使用WebService,以避免将我的数据库直接暴露给互联网,从而限制了安全漏洞。此外,使用Web服务允许您在其中编写安全规则,并在可以访问数据库之前丢弃可能的代码注入和其他安全威胁。
#2
0
Using web service is a best choice but this need to be used wisely. You cannot just have a web service and start downloading data through it. A bad design/architecture may hit performance as well as security.
使用Web服务是最佳选择,但需要明智地使用它。您不仅可以拥有Web服务并开始通过它下载数据。糟糕的设计/架构可能会影响性能和安全性。
If you can share some more details about your scenario, i.e., number of clients that can connect to web service, frequency of connections, volume of data, then i can suggest you some architecture.
如果您可以分享有关您的方案的更多详细信息,即可以连接到Web服务的客户端数量,连接频率,数据量,那么我可以建议您使用一些架构。