OData related question: fetching data from database

  • Last Post 30 August 2018
  • Topic Is Solved
0
votes
Goncalo Araujo posted this 27 August 2018

Hi, good morning

We are considering using Skyvia to expose our db to odata queries, but we have a question related to the way Skyvia gets the requested queries' data from the DB: do you get all to memory and then apply the existing $filters (if any) in memory?

Or do you parse the filters on the request first and then directly query the DB with those criteria?

 

Thank you

1
votes
Mariia Zaharova posted this 28 August 2018

Hi! This depends on the data source being used. For relational databases, SQL queries (with filters) are sent directly to the database. In case of cloud data sources it depends on data source peculiarities (e.g. whether it supports direct filtering for a specific table, on a specific field, etc.) - in some cases filters are applied directly and in some cases they are applied in the cache (memory) after retrieving all the data.

 

Best regards,

Mariia

 

0
votes
Goncalo Araujo posted this 28 August 2018

Thank you for your quick reply.

For relational databases, you say that SQL queries are run with the correspondent filters, so, like a "where" clause in a normal SQL query, right?

Could you explain what type of security you have regarding protection against SQL injection type of attacks? Just to make sure that there is no possibility of adding something to the filter text that might change the data in the DB, like this situation for a normal SQL query:

    SELECT email, passwd, login_id, full_name
    FROM someExistingTable
    WHERE email = 'x'; DROP TABLE someExistingTable;

 

Thank you a lot for your answers

1
votes
Mariia Zaharova posted this 30 August 2018

> For relational databases, you say that SQL queries are run with the correspondent filters, so, like a "where" clause in a normal SQL query, right?

Yes, this is correct.

 

> Could you explain what type of security you have regarding protection against SQL injection type of attacks?

In order to prevent SQL injection, it is required to use parameters. Unfortunately, Skyvia Connect does not use parameters; however, we have taken all possible measures to eliminate such situations. You can check SQL queries being sent to your database in the Log of your endpoint:

https://skyvia.com/resources/docs/index.html?monitoring_data_access.htm

https://skyvia.com/resources/docs/index.html?managing_odata_endpoints.htm

 

Common words about Skyvia security:

- all interactions of our UI with API are encrypted with SSL

- by default we use OAuth to authorize Skyvia in Salesforce, so user credentials are not stored on our server

- connection strings (for datasources that do not support OAuth) are stored encrypted in our database

- we host our service in Windows Azure, so all the latest security updates are applied

- only admins have access to our server

- we have passed Salesforce AppExchange Certification

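The parameter approach named in the last reply, as an added example that is not part of the original thread and is not Skyvia's code: a translator for a small subset of OData $filter that emits a WHERE clause with placeholders and binds every literal as a value. The column allowlist, the function names and the in-memory SQLite table are assumptions made for the illustration.

```python
import re
import sqlite3

# Assumption: columns an endpoint agrees to filter on (passwd deliberately absent).
ALLOWED_COLUMNS = {"email", "login_id", "full_name"}
OPERATORS = {"eq": "=", "ne": "<>", "gt": ">", "ge": ">=", "lt": "<", "le": "<="}
# One comparison: <column> <operator> <'string' or integer>.
# OData writes a quote inside a string literal as two quotes ('').
COMPARISON = re.compile(r"\s*(\w+)\s+(eq|ne|gt|ge|lt|le)\s+('(?:[^']|'')*'|-?\d+)\s*")
JOINER = re.compile(r"(and|or)\b")

def filter_to_sql(odata_filter):
    """Translate a small $filter subset into (where_clause, bound_values)."""
    clauses, values, pos = [], [], 0
    while True:
        m = COMPARISON.match(odata_filter, pos)
        if not m:
            raise ValueError(f"unsupported $filter syntax at offset {pos}")
        column, op, literal = m.groups()
        if column not in ALLOWED_COLUMNS:
            raise ValueError(f"column is not filterable: {column}")
        # Identifiers and operators come from fixed tables; the literal is only bound.
        clauses.append(f"{column} {OPERATORS[op]} ?")
        values.append(literal[1:-1].replace("''", "'") if literal[0] == "'" else int(literal))
        pos = m.end()
        if pos == len(odata_filter):
            return " ".join(clauses), values
        joiner = JOINER.match(odata_filter, pos)
        if not joiner:
            raise ValueError(f"unsupported $filter syntax at offset {pos}")
        clauses.append(joiner.group(1).upper())
        pos = joiner.end()

def run_filter(conn, odata_filter):
    """Run the filter as a parameterized query and return the matching rows."""
    where, values = filter_to_sql(odata_filter)
    sql = "SELECT email, login_id, full_name FROM someExistingTable WHERE " + where
    return conn.execute(sql, values).fetchall()

def demo_db():
    """Constructed in-memory table named after the one in the thread's example."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE someExistingTable "
                 "(email TEXT, passwd TEXT, login_id INTEGER, full_name TEXT)")
    conn.execute("INSERT INTO someExistingTable VALUES ('a@example.com', 'hash', 1, 'Ann')")
    return conn
```

Because the SQL text is built only from the fixed operator table and the column allowlist, the statement logged for a given filter shape is always the same, which makes the endpoint log mentioned above easy to review.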