Monday, September 30, 2013

An Alternate Method of Enabling White-list Training



With the latest updates to the rdbhost.jquery.js jQuery plugin, coding front-end applications using the full power of SQL is even easier.

For those readers not familiar with the Rdbhost.com system, let me recap:

Rdbhost provides SQL databases accessible, safely and directly, from browser code.    Just write SQL inline in your JavaScript application, the SQL will be submitted to the Rdbhost server as needed, validated, and executed.  Results or an error message are then returned to the client.

Validating the SQL submitted is managed by comparing SQL queries with a white-list, and that white-list is populated by a training process.   Previously, that training process was enabled by going to the Rdbhost.com website, and enabling training for your client IP.   The white-list would then be populated by running the client application to submit necessary queries.  After the training is complete, the training would be disabled from the website account management pages.

The prior two paragraphs describe how the system has worked until now, and that method will continue to be available.  However, there is now an easier way, a way that contributes to an even nicer workflow.

The rdbhost.utils.jquery.js plugin includes some new methods, allowing training to be authorized from the client app:


$.preauthPostData({opts...});

The options object can have exactly the same elements as the $.postData method, used in the same way.  The difference from $.postData is that when the request fails on a white-list error, the $.postData method will just return an error, bu the $.preauthPostData call will allow you to enable training mode briefly and resubmit the request.  It will show you an html dialog box for receiving the account email and password, get those from you, and then use them to enable training briefly (8 seconds), and immediately resubmit the request.  The second submission would successfully white-list the query.


There is a similar method for form submissions, that works analogously:


$.preauthPostFormData(form, {opts...});

The parameters are the same as $.postFormData, and used the same way.  It prepares the form just as $.postFormData does, but if the submission results in a white-list error, it responds as above to temporarily enable training, and resubmit the form.

The significance of these two new methods is that you no longer need to log-in to the Rdbhost website to enable training for each session, but can enable it on a query by query basis.   If the once per session enabling seems more efficient, it is still available.



Sunday, September 22, 2013

Automated Backups

Regularly Scheduled Backups to S3

Backing up your account to Amazon S3 has been a feature here for years.  Now, you can schedule automated backups, where your Rdbhost account is dumped to your S3 account on a regular basis.

You can arrange the backup to be done on a regular interval from 15 minutes to 7 days.  The backups are put in the S3 bucket you designate in your S3 config page, and are named with the date and time, as well as the account id.

Generally speaking, managing the dump files in your S3 account is your responsibility, manageable through Amazon's own management pages.  However, we do offer one tool to help.  After each backup, you can have Rdbhost prune the backup file collection, based on simple rules.

The first rule is a maximum age, where every backup over that age gets deleted.   The second rule is a percentage limit; each backup cannot be older than a given percentage of the next older backup.  For example, if your oldest backup is 10 months old and your configured percentage is 90%, the next oldest cannot be older than 9 months, and the one before that can only be 8 months, 3 days old, and so forth.

This pruning can help in keeping your S3 account from getting too large, too quickly.