The SmartDB Resource Center

I put together this blog post for those interested in learning more about the SmartDB (also or formerly known as "ThickDB") architecture and how to apply it in your applications. I will update it as more resources become available.

What is SmartDB?

Bryn Llewellyn, PL/SQL Product Manager, offers this description:

Large software systems must be built from modules. A module hides its implementation behind an interface that exposes its functionality. This is computer science’s most famous principle. For applications that use an Oracle Database, the database is, of course, one of the modules. The implementation details are the tables and the SQL statements that manipulate them. These are hidden behind a PL/SQL interface.

This is the Smart Database paradigm: select, insert, update, delete, merge, commit, and rollback are issued only from database PL/SQL. Developers and end-users of applications built this way are happy with their correctness, maintainability, security, and performance. But when developers follow the NoPlsql paradigm, their applications have problems in each of these areas and end-users suffer.

Experts

The two leading proponents of SmartDB from Oracle are:

Bryn Llewellyn, Product Manager for PL/SQL and Edition-based Redefinition

Bryn Llewellyn has worked in the software field for more than thirty-five years. He joined Oracle UK in 1990 at the European Development Center to work on the Oracle Designer team. He transferred to the Oracle Text team and then into consulting as the text specialist for Europe. He relocated to Redwood Shores in 1996 to join the Oracle Text Technical Marketing Group. He has been the product manager for PL/SQL since 2001. In 2005, he became responsible, additionally, for edition-based redefinition (EBR for short). This is the Oracle Database capability that supports online application upgrade.

It’s hard for Bryn to remember his life before Oracle. He started off doing image analysis and pattern recognition at Oxford University (programming in FORTRAN) and then worked in Oslo, first at the Norwegian Computing Center and then in a startup. In Norway, Bryn programmed in Simula (its inventors were his close colleagues). This language is recognized as the first object-oriented programming language and was the inspiration for Smalltalk and C++. Bryn is an Oak Table member.

Follow Bryn on Twitter and subscribe to his blog.

Toon Koppelaars, Real World Performance Team

Toon has been part of the Oracle eco-system since 1987. He is currently a member of Oracle's Real World Performance team. RWP troubleshoots application performance issues in and around the DBMS. The way applications currently use (or, rather, abuse) the DBMS is often at the root of these performance issues. Prior to joining the RWP team, Toon was mainly involved in database application development. He is the co-author of "Applied Mathematics for Database Professionals" (Apress 2016), a member of the OakTable network (http://www.oaktable.net/) and alumni Oracle ACE-Director. His special interests are: architecting applications for performance and scalability, database design, and business rules / constraints modeling. He is a long-time champion of the Smart Database paradigm, as witnessed by his authorship of the Helsinki Declaration (IT Version) in 2009.

Follow Toon on Twitter.

AskTOM Office Hours on SmartDB

AskTOM, famous for its exhaustive Q&A on Oracle Database, has added free, monthly trainings and Q&A, in the guise of Office Hours.

Bryn and Toon offer a monthly series on SmartDB. Subscribe here for reminders to stay up on the very latest with SmartDB!

Resources

NoPLSql and Thick Database Approaches with Toon Koppelaars
Which one do you think requires a bigger database server?

Toon Koppelaars describes an experiment to measure the work done by Oracle Database to complete a specific task using different approaches. The NoPlsql approach treats the database as no more than a persistence layer, using only naive single-row SQL statements; it implements all business logic outside of it. The Thick Database approach treats the database as a processing engine; it uses a combination of sophisticated set-based SQL statements and PL/SQL to implement all business logic inside it. “No business logic in the database” advocates take note: the Thick Database approach gets the task done with far less database work than the NoPlsql approach. 

Guarding Your Data Behind a Hard Shell PL/SQL API

This session examines in practical detail how to ensure that the hard shell of a database’s PL/SQL API is impenetrable. It advocates strict adherence to the principle of least privilege by using a four-schema model (data, code implementation, API, and connect) and invokers rights units together with code-based access control. Scrupulous care is taken to ensure that the privileges needed for installation and patching are not available at runtime, and the approach is reinforced by secure error-handling.

The Database: Persistence Layer (NoPlsql) or Processing Engine (SmartDB)?

Slide deck from Toon's presentations at ODTUG's Kscope17 conference. Toon goes deep into the question of where business logic should reside, and the benefits you get from putting that logic into the database.

Also: Why SmartDB?

How to install a #SmartDB application back-end

Bryn Llewellyn offers a "sketch" of how developers and DBAs should set up their application in the database to follow a SmartDB architecture.

Why Use PL/SQL?

Bryn Llewellyn's definitive white paper on the key advantages accrued when you use the PL/SQL language, to build secure, maintainable, high performance applications that guarantee data integrity and consistency.

Why Use PL/SQL? - The Movie!

The heart of this playlist consists of two presentations ("Why Use PL/SQL" by Bryn recorded at Kscope16 and "A Real World Comparison of the NoPlsql and Smart Database Paradigms” by Toon Koppelaars, recorded at Kscope17. It is complemented by recordings of several informal conversations, all of which, as Bryn puts it "argue, each in our own rather different ways, that the database should be used as a processing engine rather than just as a bag of tables. Advocates of the bag-of-tables approach usually refer to the database as the "persistence layer"—presumably in the hope that using this term will dress up that sow’s ear as a silk purse. But Toon and I prefer to call a spade a spade—or, for brevity, the NoPlsql approach."

Doing SQL from PL/SQL: Best and Worst Practices

Assuming you buy into the SmartDB paradigm and will enclose your SQL statements inside  PL/SQL "hard shell", this white paper from Bryn Llewellyn will help you do it properly.

Moovit: A View From the Trenches

Millions of people develop applications on top of Oracle Database. The most secure and optimized of those applications take full advantage of SQL and PL/SQL. In this CodeTalk webcast, Steven Feuerstein interviews Oren Nakdimon of Moovit (http://moovitapp.com, lead developer for the backend of this popular transit app, to find out just how he and his small team have made the most of PL/SQL, and how they manage their PL/SQL code base.

How to Prove That Your SmartDB App Is Secure

If you are guarding your data behind a hard shell PL/SQL API as Bryn Llewellyn, Toon Koppelaars and others recommend, then it should be quite easy to prove, that your PL/SQL application is secured against SQL injection attacks. The basic idea is 1) that you do not expose data via tables nor views to Oracle users used in the middle-tier, by end-users and in the GUI; and 2) that you use only static SQL within PL/SQL packages. By following these two rules, you ensure that only SQL statements with bind variables are used in your application, making the injection of unwanted SQL fragments impossible. In this blog post, Philipp Salvisberg shows how to check if an application is complying to these two rules.

Comments

  1. A big thank you for this overview and bundling all these resources. It's something I'll definitely use as a reference in the future.

    ReplyDelete

Post a Comment

Popular posts from this blog

Table Functions, Part 1: Introduction and Exploration

Recommendations for unit testing PL/SQL programs

The future of Oracle PL/SQL: some thoughts on Sten Vesterli's thoughts