Monday, September 30, 2013

An Alternate Method of Enabling White-list Training

With the latest updates to the rdbhost.jquery.js jQuery plugin, coding front-end applications using the full power of SQL is even easier.

For those readers not familiar with the system, let me recap:

Rdbhost provides SQL databases accessible, safely and directly, from browser code.    Just write SQL inline in your JavaScript application, the SQL will be submitted to the Rdbhost server as needed, validated, and executed.  Results or an error message are then returned to the client.

Validating the SQL submitted is managed by comparing SQL queries with a white-list, and that white-list is populated by a training process.   Previously, that training process was enabled by going to the website, and enabling training for your client IP.   The white-list would then be populated by running the client application to submit necessary queries.  After the training is complete, the training would be disabled from the website account management pages.

The prior two paragraphs describe how the system has worked until now, and that method will continue to be available.  However, there is now an easier way, a way that contributes to an even nicer workflow.

The rdbhost.utils.jquery.js plugin includes some new methods, allowing training to be authorized from the client app:


The options object can have exactly the same elements as the $.postData method, used in the same way.  The difference from $.postData is that when the request fails on a white-list error, the $.postData method will just return an error, bu the $.preauthPostData call will allow you to enable training mode briefly and resubmit the request.  It will show you an html dialog box for receiving the account email and password, get those from you, and then use them to enable training briefly (8 seconds), and immediately resubmit the request.  The second submission would successfully white-list the query.

There is a similar method for form submissions, that works analogously:

$.preauthPostFormData(form, {opts...});

The parameters are the same as $.postFormData, and used the same way.  It prepares the form just as $.postFormData does, but if the submission results in a white-list error, it responds as above to temporarily enable training, and resubmit the form.

The significance of these two new methods is that you no longer need to log-in to the Rdbhost website to enable training for each session, but can enable it on a query by query basis.   If the once per session enabling seems more efficient, it is still available.

No comments:

Post a Comment