Tuesday, December 22, 2009

The lookup schema and 'borrowed' privilege

In an earlier post, I discussed the need Rdbhost has for a sudo type function, where a lower privileged role can 'borrow' greater privilege for specific limited functionality.

What has been implemented (read on) can be used to that effect, but is not implemented quite that way. Instead, we created additional roles (with and without authentication) that are restricted to running predefined queries only. You can do most querying using a low privilege role (typically the Reader role), and then adopt one of these new roles to do predefined operations that require higher privilege. Because these roles are restricted to certain queries, they can be granted greater PostgreSQL privileges safely.

The two roles are Auth and Public, written like 'a0000000878' and 'p0000000878', incorporating the account id. Auth requires an authcode, and Public does not. They are both restricted, in that either one can only run queries from the lookup.queries table. The roles can be created from the /mbr/role_manager page, and when you create one, the lookup schema and the queries table are both created for you. Add records to them using your Super role; the Rdbadmin utility can be useful here.

Queries in the lookup.queries table are invoked just like free-form queries, except that a 'kw' parameter is provided in lieu of a 'q' parameter. The 'kw' parameter value has the tag name for the desired query. If there are any substitution tokens in the looked-up query, there must be a corresponding number of 'arg###' parameters.

There are now four roles defined for each account. They are Super, Reader, Auth, and Public. The first two can run arbitrary free-form queries against the database, in addition to the predefined lookup queries. Typically, the Reader role would have very restrictive permissions to protect the database, and the Super role would only be used by the account owner. The Auth and Super roles are authenticated, requiring an authcode to be submitted with the request. The Reader and Public roles are not authenticated.

An example of a lookup query, taken from www.Freshfaves.com, is:

tag: update
query: UPDATE faves f SET f.link = %s
WHERE f.id = %s
AND f.acctid IN (SELECT id FROM accounts WHERE key = %s)
The role used, Public, has privilege to UPDATE the faves table. But because the Public role can only execute queries from the lookup.queries table, the only updating the user can do is the query above, and that only changes a record if the key value matches. That is, the only records updateable are those for the account with the provided key. The table is safe from malicious or accidental changes to other users' accounts. The query above is invoked using a a javascript code sequence like the following (the example uses jQuery):

var dbUrl = 'http://www.rdbhost.com/db/p0000000878?callback=?';
$.getJSON(dbUrl,
{kw:'update', arg000:link, arg001:id, arg002:key},
function(d) {
alert('account updated');
};
);
The Freshfaves application just predefines all queries, but it could have defined the Reader role and done free-form queries with it.
var dbUrl = 'http://www.rdbhost.com/db/p0000000878?callback=?';
$.getJSON(dbUrl,
{q:'SELECT * FROM faves WHERE id = %s', arg000:faveid},
function(d) {
// code here to handle data retrieved
};
);
Between free-form queries on one unprivileged role, and predefined queries only on the other role, an application can manipulate databases as necessary without embedding any role authentication into the javascript.

Related Reading

Rdbhost Roles page
Rdbhost Lookup page
The FreshFaves website
FreshFaves source code .zip

Postgresql upgrade


The Postgresql server behind Rdbhost has been upgraded to the latest 8.3 maintenance release, version 8.3.8.


Freshfaves: perishable bookmarks


Fresh Faves

Freshfaves is an online bookmarking tool that features perishable bookmarks. Add pages to your bookmark list using a bookmarklet in your favorites/bookmarks list. The bookmarks are kept there for following later, and when a bookmark goes 30 days without being clicked, it gets dropped from the bookmarks page.

Hence, a clutter-free bookmark list. It is useful for keeping bookmarks that are of only temporary use, or are of uncertain usefulness.

Bookmarks of temporary value include shopping list type bookmarks, tracking a product option until you decide where to buy; once the purchase is done, the bookmarks lose their usefulness.

If you find a page is of uncertain value, you can bookmark it here; if you never find time to follow up, or if it proves on the first couple visits to not be worth keeping, it will go unvisited and drop off the list in time. If such a link does prove to be of value, we make it one-click easy to copy it to your accounts on other (more permanent) bookmarking sites. Of course, we also provide a delete function to remove it immediately, if you so choose.

There are no login accounts or passwords; the authentication information is in the bookmarklet itself. We do make it easy to email that bookmarklet to yourself (for safe-keeping) or a friend (for sharing).

Rdbhost

This service is implemented using Rdbhost, of course. I used the JSONP data format, as it allows making cross-site requests (in this case, from www.freshfaves.com to www.rdbhost.com). It does not permit POST mode requests, but for this low-security application, that is ok. I am working on an AJAX-Rdbhost toolkit to make cross-site requests straightforward in any mode, and that will be announced here in its time.

The source code is available in a zip file, here.

Monday, December 14, 2009

Sudo and SQL


Rdbhost databases can be queried from Javascript applications. Aside from the cross-site-scripting safeties, there is one major design obstacle to hosting your javascript applications data here.

PostgreSQL provides the ability to setup multiple roles, but generally you do not want to create a new role for each web user. Most web users are anonymous, in fact, and could not be correlated with a particular role. Generally, for a web application, you would set up a small number of PostgreSQL roles, and then provide additional programming layers to authenticate users and allow each only appropriate operations on the database.

Unfortunately, for a Javascript application hosted on Rdbhost, you would have to embed the Postgres role password (authcode) in the javascript, in order to provide it to the server with each SQL request. Even if you did not distribute it with the javascript app, but retrieved it dynamically conditional on the user entering a passphrase, say, it would still be in the javascript temporarily. If the client were provided the authcode temporarily, for some legitimate purpose (say, to add themself to, or remove themself from, a members table), you could not prevent them from submitting that authcode with different SQL later, perhaps malicious SQL. If you were to provide them a role and authcode to remove their records from a table, you could not prevent them from removing others records as well.

Now, there are useful javascript apps that can be written to work safely under these constraints. For example a blog application could allow anonymous users to use a role that permits INSERT and SELECT on the comments table. The blogger himself or herself would use a super role that permits everything, but the anonymous web user would be able to add comments. That much can be controlled via PostgreSQL roles privileges. Many apps, though, need a more refined security model.

Unix and its kin have long had a tool called sudo. Sudo allows a user to run specific commands using the privileges of another user. The specific commands to be permitted must be listed, in advance, by a user with greater privilege.

Rdbhost needs a feature akin to sudo for use by javascript programmers. The programmer can configure the necessary queries that can be run, what role (privileges) they will run as, and who can be permitted to run them. Then the javascript app can use a low privilege role for most purposes, and then use the sudoish feature to do higher privilege operations that are predefined to operate safely. A javascript programmer can write a javascript application that is widely distributed and widely studied, and use a hosted shared database for application data, without exposing that database to malice.

Comments welcome.



Friday, December 4, 2009

Rdbhdb 0.9.1

The DB API module, Rdbhdb, has been re-released. Only two changes in this version:

  1. https (TLS) is used by default.
  2. A bug causing incompatility with Python 2.4 was fixed. 2.4 does not have an 'any' builtin, so the module provisionally provides one.
Available here or from Pypi.

http://www.rdbhost.com/downloads/rdbhdb-0.9.1.zip
http://pypi.python.org/pypi/rdbhdb/0.9.1

Monday, November 23, 2009

More changes to Rdbadmin and Rdbhost


A few recent improvements to Rdbadmin:

  • Main page shows tables and fields.
  • New section of left-hand menu shows schemas.
  • Menu options create and rename schemas.

Improvements to Rdbhost:

  • Login page (and login link from front page) is https.
  • Login cookie is 'secure' so will not be available to non-https pages.
  • Attempting to access another account while logged into yours will result in an error. You must log out of your account to access any other.

Wednesday, November 18, 2009

Improvements to Rdbadmin program


Rdbhost sports its own admin utility, Rdbadmin, implemented in Javascript. It is useful to create and remove tables and views, adding and deleting data from tables, and performing queries.

Rdbadmin has been upgraded, with both new features and bug fixes.

New features include:
  • Table and view lists are sorted.
  • Tables and views can belong to schemas other than public. This will become more important with upcoming features.
  • New feature to set field defaults on tables.
  • HTML content is now escaped, so that it reads as the tags themselves, and the data inline formats cannot interfere with the display table structure.
  • In the select page, query data values are parameterized, so the data values cannot be misinterpreted by the SQL engine as statements.
  • The login and logout functionality has been removed. Logging in is done via the www.rdbhost.com front page (or the www.rdbhost.com login page), and logging out from the profile page. The admin script gets role and authcode from the rdhost member cookie, and just bounces the user to the login page if member cookie is missing. The 'guest_account' functionality is still present, where the 'r'-role can be provided on the url.
As always, the admin program is linked from the profile page. As always, your questions and criticisms are welcome.

Saturday, November 14, 2009

Guest usage of Rdbhost accounts

There is a handy way to provide other people read-only access to your Rdbhost database.

If you have enabled the 'r'-role, and given it reasonable (ie: only SELECT) permissions on the tables, you can allow other people to access your database using that role.

Just use the url for the rdbadmin page, and append the 'r'-role name to the url, with a '?'.

For example, our stackoverflow database is account 'db0000000767', and the 'r' role has been enabled and GRANTed appropriate privileges. The guest usage url is thus:
http://www.rdbhost.com/rdbadmin/main.html?r0000000767 .

Try it here.

There is no way to provide an authcode with the rolename, so it will not work for 's'-roles.

Monday, November 9, 2009

YASOP: Yet another Stackoverflow post


The latest data dump from Stackoverflow has been placed in our stackoverflow account


I was just reading some old stuff on meta.stackoverflow.com about hosting a publicly query-able copy of the dump, with reporting or graphing options.

This account (at the above url) provides the data, with the flexible querying of SQL, Google's Appengine provides some charting tools, and our Rdbhdb module provides a DB API type interface for accessing the data from GAE.

Have fun.



Monday, October 26, 2009

Rdbhdb v 0.9

A new version of Rdbhdb is available from Pypi. Rdbhdb is the DB API 2.0 module for accessing Rdbhost databases remotely from Python applications.

Rdbhdb v 0.9 download page on PyPI
Rdbhdb v 0.9 download page on Rdbhost

New in this version:

  • Uses gzip decompression, optionally, for data downloads from server.
  • Supports the sending of binary data (as buffer datatype) in query parameters.
  • .execute_deferred() method provided to execute queries in deferred mode. Deferred mode does not return results, but allows a more generous time limit for query completion. Useful for updates or inserts that might need extra time.
  • .nextset() method implemented on cursors. Multiple queries can be aggregated into a single .execute() call, delimited by ';'. One result set is returned for each query, and .nextset() advances to the next result set in the returned list.
  • .https attribute added to connection, to force use of SSL. Defaults to False, no SSL.

This version is the one currently in use on rdbhost.appspot.com, for its monitoring function.

Edited 28 Oct 09: Added rdbhost hosted download link.
Edited 9 Nov 09: Spelled PyPI properly

SSL Downtime

I was told yesterday by a site user that www.rdbhost.com's SSL certificate was expired.

For the moment, the secure site of www.rdbhost.com is down, and will be back up later today when I have time to get the certificate updated and installed.

David Keeney

As of 8PM on Tuesday, SSL is back up and working.

Friday, October 23, 2009

User side testing and Twill

History

RdbHost has two faces: one that the human user sees, and one that their software sees. The software side, the 'web service' has always had good testing. That it was designed to be computer parse-able without screen-scraping meant it was easy to write automated tests for it. There are in fact two sets of web service tests, one that uses urllib2 to query directly, and another that tests the DB API module Rdbhdb by using it to query the server.


Website Testing

Until recently, the human-readable (aka the web site) side of the business was not tested in any automated way. I would test features I thought might be affected by a change, manually, after an update. I am not sharing any details, but that strategy has proven to be deficient. Now we have a test suite for the user side as well.


Twill

The software used for the new tests is Twill. Twill can be run as its own scriptable shell, or included as a python module and the functions called from python. The Twill python module has an instantiated object syntax, where you create a browser object and call methods on it. Unfortunately, the browser object does not support the 'show' method. I ended up giving up on the explicit browser object, and just used the implicit browser. It works well, but doesn't satisfy my 'explicit code is more comfortable' preference.



Tests and Email

Many features of the website use email for various authentication functions. To reset your password, the site emails a password reset-link. To change your email address of record, you have the site email a change link to the new address. Creating a new account involves emailing the initial login password to the submitted address. How does one test such a system with Python and Twill?

My solution was to use one of the spam-dodging sites that allow one to receive email anonymously. Just email to 'anyname@spamspot.com' and spamspot.com will post the email content to a blog style web page, intermingled chronologically with other user's emails. The test code can request an email, for whatever functionality being tested, give the site a spamspot.com email address to mail to, wait a few seconds for the email to arrive and be posted, and then use Python and Twill to request the spamspot page and parse out the rdbhost email and its embedded password or links using 're' module. It is appropriate (if also a little paranoid) to change the password shortly thereafter to minimize tampering by other readers of spamspot.

There are many anonymous email receiver websites. Spamspot.com (mentioned above) and Makemeaking.com are more useful for our purposes than some, because they include the email inline to the page, without requiring another link-following step, and the prerequisite link parsing step.



Edited 24 Oct 09: added reference to Makemetheking.com
Edited 26 Oct 09: minor grammatical corrections

Friday, September 25, 2009

Multiple Recordsets

It can be very useful to put multiple queries into one web-service request. You get multiple query responses, and only suffer the request overhead for one request.

Rdbhost now supports returning multiple record sets for one request.

If you have multiple Postgresql statements in your request 'q' param, delimited by ';', each is processed in sequence, and the results for each are added to the list of record sets. Instead of one group in the results called 'records', you have an outer group called 'result_sets', and a group within that for each statement. The details differ between the json, json-easy, xml, and xml-easy formats, but the above description applies to each.

json format for multiple result-sets looks like:


{
"status": [
"complete",
"OK"
],
"result_sets": [
{
"status": [
"complete",
"OK"
],
"records": {
"header": {
"id": 23
},
"rows": [
{
"id": 1
}
]
},
"row_count": [
1,
"1 Rows Affected"
]
},
{
...
}
]
}

for comparison, the single recordset variant looks like:


{
"status": [
"complete",
"OK"
],
"records": {
"header": {
"id": 23
},
"rows": [
{
"id": 1
}
]
},
"row_count": [
1,
"1 Rows Affected"
]
}

The single result-set variant puts the count, status, and records all in the root.

The multiple result-set variant puts creates a result-set group, containing count, status, and records, for each statement in the request. There is also one status element in the root, and if the status is 'error', there will be no result sets.

The xml formats have similar layout:


<xml xmlns="http://www.rdbhost.com/xml.html">
<status value="complete">OK</status>
<result_sets>
<result_set>
<row_count value="1">1 Rows Affected</row_count>
<status value="complete"/>
<records>
<header>
<fld type="23">id</fld>
</header>
<rec>
<fld>1</fld>
</rec>
</records>
</result_set>
<result_set>
...
</result_set>
</result_sets>
</xml>


The xml formats have a 'result_sets' container element, and multiple 'result_set' container elements within that.

The service is free; you can learn more about it by registering for an account, reading the online documentation, and experimenting.

http://www.rdbhost.com

Monday, September 7, 2009

Stackoverflow Data


The stackoverflow database account here has been updated to include the September data dump. That includes cumulative data up to 31 August.

A fairly complete set of indexes was added to the basic tables. Long text fields, like message bodies, do not benefit much from ordinary indexes, because you rarely search on the whole content, and the key content is not necessarily at the beginning of the field, where an index would accelerate access. So the short fields are indexed, large text fields are not.

Now, full text indexing might be useful, but the typical use case is to find posts on a given topic, and just searching the stackoverflow site using its on-site search, or Googling, would be more generally useful. Full text searches in Postgresql involve, optimally, a non-standard functions that normalize the search terms; it gets better results than a straight keyword search, but involves a learning curve.

Maybe queries like 'how many posts about python have scores over 100?' would be useful, but that can be approximated by querying on tags joined to posts via tagging.

I hope the database is useful. Let me know if you have any comments or complaints.

The stackoverflow database is at:
Just login with the default login and no password.

David

Wednesday, September 2, 2009

UserTesting

I gave a try to the usability testing website, UserTesting.com.

I paid around $70 for three tests. The first test occurred within 24 hours, and the others 3 days later. Each lasted 10 - 25 minutes. UserTesting sets up their testers with screencast type software, and with the software is recording their session, they are talking about their thought process doing the task assigned.

Rdbhost.com is a site for programmers, to support programming efforts. I did not think I could create a reasonable 15 minute task that involved creating a program, so I described a simple database operations task; create an account, create a table, put some data in it. I required the testers already have some SQL programming knowledge. Despite the task being tangential to our core purpose, the tests were informative, if also humbling.

Some observations of the testers:

All accomplished the basic task, despite some inefficiencies. Each fell back on typing SQL into the sql box for data entry, despite the existence of a form to do that function. The SQL box is there as a do-anything catchall, of course, and it did serve that purpose.

One tester 'cheated' by visiting the site and looking at internal pages before starting the recording session. (link color betrayed him). All offered subjective commentary beyond narrating their problem solving process. The subjective criticism bothered me a bit, until I decided to just filter it out and focus on the observations.

Observations by the testers:

Rdbadmin javascript 'button' links did not look like buttons. Testers worked all around the 'new item' link, because it looked like a subtitle, rather than a link. I admit, my own tinkering with the page format a few days prior had busted the link display, and I had not noticed.

The profile page was not intuitive, and while all three found their way to the Rdbadmin, only one did so quickly. Only one of the three actually read help pages, despite their prominent link placement.

The general look of the site got some knocking, getting called a 'spoof site', 'dated', and 'powerpoint slide'.

Outcome

I have fixed the obvious problems, making the admin links look, again, like links, and adding description to the profile page links. I have some notes for a more pervasive redesign, in time, but the quick fixes improved the usability quite a bit.

UserTesting.com gets a recommendation from me. The whole system is slick, with very useful screencasts delivered for each tester, as well as summary analysis in prose.

Friday, August 28, 2009

JsonP


Rdbhost.com now provides JSONP as a format option.

JSONP allows data to be requested from a site different from that of the referencing page. You can put a page on your domain somewhere, and retrieve data from www.rdbhost.com using a cross-site request and the JSONP format.

Let us look at a very simple example. Rdbhost maintains a table of performance statistics (on itself, about itself) in a table 'stats' in account db000000005 . We will query that table from our page for a count of records. The entire example page is 11 lines:

01 <html>
02 <body>
03 Count of records in 'stats': <span id="count"></span>
04 <script>
05 function showct(data){
06 document.getElementById("count").innerHTML = data['records']['rows'][0]["count"];
07 };
08 </script>
09 <script src="http://www.rdbhost.com/db/r0000000005?q=SELECT%20count(*)%20from%20stats&callback=showct"></script>
10 </body>
11 </html>
Lines 01 to 03 are just html to show the count when we get it. Lines 05 to 07 are a javascript function to process the count data after receiving it, and line 09 is the actual request.

Line 09 is a script tag: it retrieves the page at the url identified in 'src', and processes it as a script. The 'callback' parameter indicates the name to 'wrap' around the data, and implies the request needs JSONP output format. The content received is this:

showct({
"records": {
"header": {
"count": 20
},
"rows": [
{
"count": "5456"
}
]
},
"row_count": [
1,
"1 Rows Affected"
],
"status": [
"complete",
"OK"
]
})

When this is processed as a script, the 'showct(...)' is interpreted as a function call, and executed. The function had been defined in lines 05 to 07, and just extracted the 'count' element of the JSON and put it in the HTML element 'count', for display.

This page works cross-site, so you could host such a page on your site, under your domain, and retrieve records from rdbhost.com dynamically. If you prefer jQuery, you can retrieve JSONP content using the .getJSON function, including a 'callback' parameter in the url to retrieve. Using jQuery has the virtue that you do not need a named callback function, as jQuery will allow its typical anonymous callbacks even with JSONP.

Limitations:
  • Requests use 'GET' mode, not 'POST', so any authentication information would be there in the link for users to read.
  • Rdbhost does not permit authcodes to be passed in GET requests, for security reasons. JSONP usage is thus only useful for queries using the 'r' role, with no authentication. To query your own account, you would need to enable the 'r' role from the profile page, and probably GRANT it some SELECT privileges on tables in the account, using rdbadmin or the SQL_form.
Example pages can be found at the following links. Use view source to see the internals.


The request urls can easily get long enough to be unwieldy. These two pages demonstrate a technique for putting the url in a javascript variable, where it can be line-wrapped.

The Rdbhost website itself is at: http://www.rdbhost.com.

Monday, August 10, 2009

Stackoverflow Data

Stackoverflow.com, in case you haven't heard of it, is a very popular question and answer site for programmers.

It was developed by Jeff Atwood and Joel Spoelski, both well known bloggers on technology, and they produce an entertaining podcast on the development of stackoverflow.com and (more or less) related computer topics.

Anyway, to get to the point, the data at stackoverflow is all user generated, and licensed under Creative Commons. They release, about once a month, an xml dump of all the data, in a big archived file. The release includes all posts and all comments, and some user profile data.

With some pro-active assistance from Stéphane Bortzmeyer, I have imported the data from the August dump into an Rdbhost database and made it available to anonymous users, with SELECT privilege only (no changes to data permitted). The database engine behind the Rdbhost webservice is Postgresql.

The database is at: www.rdbhost.com/rdbadmin/main.html?r0000000767
Just click the login button; no authentication is required. The SQL admin software is a work-alike to Adminer (formerly phpMinAdmin), implemented in javascript.

Hopefully, the table and field names make sense and their meanings can be inferred. If you find the indexes to be insufficient for your purposes, email me or put a comment on this blog entry. There is a 3 second query duration limit, so any query needing a full-table scan on any of the larger tables will likely fail.

Have fun.

Edited: Added mention of Postgresql and made a few grammar/punctuation corrections.

Monday, August 3, 2009

Binary Content


Formats

The usual approach to using rdbhost is to request records, consisting of multiple fields, and that record data is incorporated into a structured JSON or XML page and delivered to requesting client. The client can then disassemble the structure to extract the data for use. Those JSON or XML formatted pages are text, and non-text data gets encoded/escaped to make it fit a textual structure.

Sometimes, though, you just want the raw data, without textual escaping. This would be useful for an image database, for example. You would like to just send the binary image data to the browser or other client, and have it processed without any text-binary decoding.


Binary Format

The 'binary' format does just this. If your request calls for a binary format, using the format parameter, all the fields of all the records of the output are just catenated together and the resulting blob is sent to the client. I would expect the typical use is querying for one field of one record, but if you have need to aggregate multiple fields together, it will do that. The data to be queried this way should generally be stored in bytea fields; bytea fields are delivered as-is, others are utf-8 decoded and non-decodable characters are escaped.

When you request binary format, the format parameter value can have content-type appended to it, delimited by a colon; for example "format=binary:image/jpeg" would result in the query data being sent as a binary blob, and with a 'content-type: image/jpeg' header line. If you are delivering the binary content directly to a browser, the content-type is very helpful to the browser in rendering the object correctly.

Inserting Binary Data into Database

Getting the binary data into the database is its own problem. Our sql_form supports http file uploads of binary data. Put the binary data in a file, and upload it through the form, and it will be processed by the server as binary. Unless you put it into a bytea field, it will be utf-8 encoded going into the table, and will be utf-8 decoded when delivered in response to a SELECT. The Python DB API module does not, today, support binary uploads, but that is planned for the next version. In the meantime, the PostgreSQL decode(...,'base64') function can be used to put binary data into a field, but you would need a client side base64 encoder to pre-encode the data.

Sample Page

A sample page can be viewed here. The full url is below, and it incorporates the account and the query all into the query string. The page itself is delivered in response to a database query, and the embedded image comes from another database query.

http://dev.rdbhost.com/db/r0000000763?q=select+data+from+d+where+tag%3d%27page%27&format=binary:text/html

That page was created using the sql_form form linked from the profile page, with SQL INSERTs and the file upload feature.


David

17 May 2010
Updated to correct url.

Wednesday, July 22, 2009

Parts is parts


Rdbhost is a thin wrapper around the Postgresql database engine (8.3.7). The web server receives the request, authenticates the requester, and provides the query to the database engine. The results of the query are then converted to XML or JSON and sent to the requester.

Query results are formatted as XML or JSON, which are generated using the excellent Python libraries lxml and simplejson. The lxml library is a Python binding for libxml2 "the Gnome XML C parser and toolkit".




http://code.google.com/p/simplejson/ SimpleJson





The post title is from a classic American television ad for automotive parts, wherein the negative credibility speaker suggests that all parts are equal.

Tuesday, July 21, 2009

A modest venture


www.Rdbhost.Com provides a service that I have not seen available, in any similar form.

If you need an SQL database, and your web host does not provide or permit the installation of an SQL database, we can provide you one. As a web service, rdbhost databases are accessed via http requests. If you are coding in Python, we even have a DB API module for rdbhost databases; you can code your database usage without worrying about http or other networking issues.

Our pricing model is pay-as-you-go, so you only pay for actual bandwidth and diskspace used. To get you started, very low usage is free. To set up an account, we only ask of you a valid email address.

Set up an account for free, and dabble with it; see first hand how it works. If you agree with us that a true ACID-compliant SQL relational database is worth the modest additional setup effort, then go with it. When your account usage exceeds our free limits, we will sell you as much or as little additional bandwidth and space as you need.

We do support TLS encrypted https connections.

We provide tools for manipulating your database:
  • Rdbadmin - a database manager similar to PhpMinAdmin
  • A database dump tool to dump the entire database (as SQL) to your browser for backup purposes
  • A plain-jane html form for submitting queries to the database, and getting XML/JSON responses

A few starter links:



#