The SmartDB Resource Center
The SmartDB Resource Center
I put together this blog post for those interested in learning more about the SmartDB architecture and how to apply it in your applications.
Join the DZone community and get the full member experience.Join For Free
Read the 2019 State of Database DevOps Report for the very latest insights
I put together this blog post for those interested in learning more about the SmartDB (also or formerly known as "ThickDB") architecture and how to apply it in your applications. I will update it as more resources become available.
What Is SmartDB?
Bryn Llewellyn, PL/SQL Product Manager, offers this description:
Large software systems must be built from modules. A module hides its implementation behind an interface that exposes its functionality. This is computer science’s most famous principle. For applications that use an Oracle Database, the database is, of course, one of the modules. The implementation details are the tables and the SQL statements that manipulate them. These are hidden behind a PL/SQL interface.
This is the Smart Database paradigm: select, insert, update, delete, merge, commit, and rollback are issued only from database PL/SQL. Developers and end-users of applications built this way are happy with their correctness, maintainability, security, and performance. But when developers follow the NoPlsql paradigm, their applications have problems in each of these areas and end-users suffer.
The two leading proponents of SmartDB from Oracle are:
Bryn Llewellyn, Product Manager for PL/SQL and Edition-based Redefinition
Bryn Llewellyn has worked in the software field for more than thirty-five years. He joined Oracle UK in 1990 at the European Development Center to work on the Oracle Designer team. He transferred to the Oracle Text team and then into consulting as the text specialist for Europe. He relocated to Redwood Shores in 1996 to join the Oracle Text Technical Marketing Group. He has been the product manager for PL/SQL since 2001. In 2005, he became responsible, additionally, for edition-based redefinition (EBR for short). This is the Oracle Database capability that supports online application upgrade.
It’s hard for Bryn to remember his life before Oracle. He started off doing image analysis and pattern recognition at Oxford University (programming in FORTRAN) and then worked in Oslo, first at the Norwegian Computing Center and then in a startup. In Norway, Bryn programmed in Simula (its inventors were his close colleagues). This language is recognized as the first object-oriented programming language and was the inspiration for Smalltalk and C++. Bryn is an Oak Table member.
Toon Koppelaars, Real World Performance Team
Toon has been part of the Oracle eco-system since 1987. He is currently a member of Oracle's Real World Performance team. RWP troubleshoots application performance issues in and around the DBMS. The way applications currently use (or, rather, abuse) the DBMS is often at the root of these performance issues. Prior to joining the RWP team, Toon was mainly involved in database application development. He is the co-author of "Applied Mathematics for Database Professionals" (Apress 2016), a member of the OakTable network (http://www.oaktable.net/) and alumni Oracle ACE-Director. His special interests are architecting applications for performance and scalability, database design, and business rules/constraints modeling. He is a long-time champion of the Smart Database paradigm, as witnessed by his authorship of the Helsinki Declaration (IT Version) in 2009.
Follow Toon on Twitter.
AskTOM Office Hours on SmartDB
AskTOM, famous for its exhaustive Q&A on Oracle Database, has added free, monthly training, and Q&A, in the guise of Office Hours.
Bryn and Toon offer a monthly series on SmartDB. Subscribe here for reminders to stay up on the very latest with SmartDB!
Which one do you think requires a bigger database server?
Toon Koppelaars describes an experiment to measure the work done by Oracle Database to complete a specific task using different approaches. The NoPlsql approach treats the database as no more than a persistence layer, using only naive single-row SQL statements; it implements all business logic outside of it. The Thick Database approach treats the database as a processing engine; it uses a combination of sophisticated set-based SQL statements and PL/SQL to implement all business logic inside it. “No business logic in the database” advocates take note: the Thick Database approach gets the task done with far less database work than the NoPlsql approach.
This session examines in practical detail how to ensure that the hard shell of a database’s PL/SQL API is impenetrable. It advocates strict adherence to the principle of least privilege by using a four-schema model (data, code implementation, API, and connect) and invokers rights units together with code-based access control. Scrupulous care is taken to ensure that the privileges needed for installation and patching are not available at runtime, and the approach is reinforced by secure error-handling.
Slide deck from Toon's presentations at ODTUG's Kscope17 conference. Toon goes deep into the question of where business logic should reside, and the benefits you get from putting that logic into the database.
Also: Why SmartDB?
Bryn Llewellyn offers a "sketch" of how developers and DBAs should set up their application in the database to follow a SmartDB architecture.
Bryn Llewellyn's definitive white paper on the key advantages accrued when you use the PL/SQL language, to build secure, maintainable, high-performance applications that guarantee data integrity and consistency.
Assuming you buy into the SmartDB paradigm and will enclose your SQL statements inside PL/SQL "hard shell," this white paper from Bryn Llewellyn will help you do it properly.
Millions of people develop applications on top of Oracle Database. The most secure and optimized of those applications take full advantage of SQL and PL/SQL. In this CodeTalk webcast, Steven Feuerstein interviews Oren Nakdimon of Moovit (lead developer for the backend of this popular transit app, to find out just how he and his small team have made the most of PL/SQL, and how they manage their PL/SQL code base.
If you are guarding your data behind a hard shell PL/SQL API as Bryn Llewellyn, Toon Koppelaars and others recommend, then it should be quite easy to prove, that your PL/SQL application is secured against SQL injection attacks. The basic idea is 1) that you do not expose data via tables nor views to Oracle users used in the middle-tier, by end-users and in the GUI; and 2) that you use only static SQL within PL/SQL packages. By following these two rules, you ensure that only SQL statements with bind variables are used in your application, making the injection of unwanted SQL fragments impossible. In this blog post, Philipp Salvisberg shows how to check if an application is complying to these two rules.
Published at DZone with permission of Steven Feuerstein , DZone MVB. See the original article here.
Opinions expressed by DZone contributors are their own.