tags:

views:

53

answers:

1
Q: 

The Javascript Datastore Problem

This might sound super crazy but I really want to know if this can be done.

Assume a multi-user site that gives users some tools to build web apps from the site itself (using only HTML/CSS/JS) and share them. Now, if each of the apps were to be assigned a datastore, say just a table for convenience, is it possible to make secure query/insert requests from the app to the backend to write to the assigned table.

Take an example - the app is a small game. The developer wants to record the scores of the users who play the game and wants to use his assigned datastore (see above) for it. Is it possible for the site to ensure that no other app/user can access this datastore? If so, how can it be done?

Edit: Please do note that there are three parties involved - the developer of the app who is a registered user, the app itself which has been granted the datastore and an app user (registered/unregistered) who is viewing the app.

A: 

I think this is the same as using any type of backend datastore for any web app. You could assign the user a unique ID (which they have to validate by logging in) and then manage access to the datastore through AJAX post backs.

Drackir  2010-10-20 16:14:01
There is a small difference, right? The app itself is public. So, the DB write request will be made from the app when it is run (from Javascript).
Amar Ravikumar  2010-10-20 16:16:06
What exactly do you mean by public?
Drackir  2010-10-20 16:19:16
By public, I mean that it can be viewed by anyone. Have edited the question. Hope it makes it slightly clearer.
Amar Ravikumar  2010-10-20 16:21:26
Thanks. I think it's a bit more clear. One way I can think of is using subdomains for each app (perhaps using mod_rewrite in apache or an ISAPI filter in IIS). The subdomains will prevent cross-site scripting even across subdomains and you can use the subdomain in your postback pages to determine which data store should be accessed.
Drackir  2010-10-20 18:27:50

related questions

What language do you use for Postgresql triggers and stored procedures?
Are Multiple DataContext classes ever appropriate?
Which tools do people use to create Data Dictionaries?
Any experiences with Protocol Buffers?
Mechanisms for tracking DB schema changes
How big can a MySQL database get before performance starts to degrade.
How do I index a database field
How does database indexing work?
How do I connect to a database and loop over a recordset in C#?
Editing database records by multiple users
Object Oriented vs Relational Databases
VFP .NET OLEdb provider does not work in Win 64-Bits. Help
Embedded Database for .net that can run off a network
Connect PHP to an AS/400
Swap unique indexed column values in database.
cx_Oracle - what is the best way to iterate over a result set?
cx_Oracle - How do I access Oracle from Python?
.NET Migrations Engine
Is there a version control system for database structure changes?
SQLite and XSD
How do I version my MS SQL database in SVN?
XSD DataSets and ignoring foreign keys
Flat File Databases in PHP
Throw Error In MySQL Trigger
Binary Data in MySQL