tags:

views:

265

answers:

3
+7  Q: 

Why should a developer use web services instead of direct connections to a db?

I'm looking for a "top ten" list of reasons why we should be connecting to remote databases via web service instead of directly connecting to the db. This is an internal debate right now and I'm pro-web service but loosing the argument. I have a basic grasp of WCF / web services, no one else does. We can do whatever we want moving forward but we need to stick with whatever we choose now.

Here is what I've come up with. Any more?

  1. WCF web services can, if configured correctly, be more secure.
  2. Changes to the DB only need to be made at the service level (config file or recompile service).
  3. Once setup and hosted, web services are easier to consume.
+3  A: 

In my opinion, you should not automatically be exposing your database as a web service. If it turns out you need a service to expose your data, then write one, but not all database access should be done through web services.

  1. There is no reason why a database connection should not be secure
  2. You can encapsulate the database in a data access layer (possibly Entity Framework)
  3. Web services are no easier to consume than a well-written data access layer.
John Saunders  2010-01-26 19:45:31
Why necessarily XML? There's also much lighter to parse JSON, CSV for simple flat data, etc...
DVK  2010-01-26 20:02:28
It's not "for no good reason". As noted about, depending on your requirements and desires for future development, it might be necessary for your project.
Chris Stewart  2010-01-26 20:20:08
+8  A: 

  1. Security. You're not granting DB access to anyone but web server/app user.

  2. DB load reduction. Web service can cache the data it retrieved from DB.

  3. Ability for fault tolerance - the service can switch between primary/DR data sources without having details of fail-over be implemented by service consumers.

  4. Scalability - the service can spread requests between several parallel data sources without having details of the resource picking be implemented by service consumers.

  5. Encapsulation. You can change underlying DB implementation without impacting service users.

  6. Data enrichment (this includes anything from client customization to localization to internalization). Basically any of these might be useful but any of them is a major load on database and often very hard to implement inside a DB.

  7. May or may not apply to you - certain architecture decisions are not DB acces friendly. E.g. Java Servers running on Unix have an easy access to a database, whereas a java client running on a Windows PC is not database aware nor do you possibly want it to be.

  8. Portability. Your clients may not all be on the same platform/architecture/language. Re-creating a good data access layer in each one of those is harder (since it must take into account such issues as above-mentioned failovers/etc...) than building a consumer layer for a web service.

  9. Performance tuning. Assuming the alternative is clients running their own queries (and not pre-canned stored procedures), you can be 100% sure that they will start using less than optimal queries. Also, if the web service bounds the set of allowable queries, it can help with your database tuning significantly. I must add that this logic is equally applicable to stored procedures, not unique to web services.

A good list can also be found on this page: 'Encapsulating Database Access: An Agile "Best" Practice'

Just to be crystal clear - some of these issues may not be applicable to ALL situations. Some people don't care about portability. Some people don't need to worry about DB security. Some people don't need to worry about DB scalability.

DVK  2010-01-26 19:45:46
Sorry, disagree. 1. So you grant DB access to a group instead of a single principal - no difference. 2. Any app can cache data. The kind of data that can be cached across multiple users will usually be low volume data in any case. 3. FT should be handled by the database in any case. 4. This is not an out of the box feature, and has to be programmed. 5. Your data access layer should be doing the encapsulation. 6. Same thing. 7. Really? JDBC doesn't run in a client? 8. Good point, when it matters, which is rare. 9. query vs. SP was not part of the question.
John Saunders  2010-01-26 23:45:08
1. Try managing that across 5000 users with hundrends of roles. Does not scale so well anymore. 2. Depends entirely on an app. Our current case has an instance of caching results of a query which in uber-optimized case takes 20 minutes to run and which we need to run 100s of times a day at least from different apps. 3. FT is handled on a bunch of levels. What do you mean "should be handled by a database"?
DVK  2010-01-27 13:43:12
4. Of course it has to be programmed. But it can be programmed into the service once, or into a zillion client apps on various platforms with varying capabilities. There's a major difference. Never mind the issues of configuration management for load balancing. 5. Same reasoning. You don't need to re-implement DAL. Matter of fact, you can just think of the web service as a portable DAL to ease your mind. 7. We don't want every client opening DB connections. Is that such a big thing to ask for? Again, you're forgetting points 1-5.
DVK  2010-01-27 13:47:45
8. >1 client architecture happens VERY often. Matter of fact I never worked on a project without such a situation in my life, but I'm centered in financial world. 9. It was not. I was basically playing devil's advocate.
DVK  2010-01-27 13:48:51
A: 
  • Web Services form an API, defining the allowed interactions between external systems and the application's data.
  • Web Services decouple the database from external interactions and enabling the data layer to be managed independently of those outside influences.
  • Allowing access only by Web Services ensures that application logic gets the chance to execute, protecting data integrity.
  • Web Services allow the most appropriate authentication/authorization measures to be taken, as opposed to a database requiring a username and password/table level privileges.
  • Web Services provide an opportunity for automatic service discovery and configuration to be used.
  • Web Services traffic can be encrypted for transit over unsecured networks. Don't know of any direct DB connection solutions that enable that...?

Most of these points go for any formal API, not specifically Web Services.

Brabster  2010-01-26 19:47:11

related questions

Displaying Version Information in a Web Service
Example Web Service
SoapException: Root element is missing occurs when .NET web service called from Flex
Best practice for webservices
What is your preferred method of sending complex data over a web service?
.Net - Returning DataTables in WCF
Is it possible to return objects from a WebService?
How much extra overhead is generated when sending a file over a web service as a byte array?
Returning Large Results Via a Webservice
File Uploads via Web Services
best way to persist data in .NET Web Service
What is the difference between an endpoint, a service, and a port when working with webservices?
Calling REST web services from a classic asp page
Best way to write a RESTful service "client" in .Net?
Where can I find some good WS-Security introductions and tutorials?
ASP.NET Web Service Results, Proxy Classes and Type Conversion
Web Services -- WCF vs. Standard
C# WCF Service - Backward compatibility issue
Document or RPC based web services
How to easily consume a web service from PHP
Timer-based event triggers
How to pass enumerated values to a web service
Homegrown consumption of web services
How do I print an HTML document from a web service?
How do I fill a DataSet or a DataTable from a LINQ query resultset ?