Skip to main content

The SmartDB Resource Center

I put together this blog post for those interested in learning more about the SmartDB (also or formerly known as "ThickDB") architecture and how to apply it in your applications. I will update it as more resources become available.

What is SmartDB?

Bryn Llewellyn, PL/SQL Product Manager, offers this description:

Large software systems must be built from modules. A module hides its implementation behind an interface that exposes its functionality. This is computer science’s most famous principle. For applications that use an Oracle Database, the database is, of course, one of the modules. The implementation details are the tables and the SQL statements that manipulate them. These are hidden behind a PL/SQL interface.

This is the Smart Database paradigm: select, insert, update, delete, merge, commit, and rollback are issued only from database PL/SQL. Developers and end-users of applications built this way are happy with their correctness, maintainability, security, and performance. But when developers follow the NoPlsql paradigm, their applications have problems in each of these areas and end-users suffer.

The Voice (and Face) of SmartDB 


Toon Koppelaars, Real World Performance Team

Toon has been part of the Oracle eco-system since 1987. He is currently a member of Oracle's Real World Performance team. RWP troubleshoots application performance issues in and around the DBMS. The way applications currently use (or, rather, abuse) the DBMS is often at the root of these performance issues. Prior to joining the RWP team, Toon was mainly involved in database application development. He is the co-author of "Applied Mathematics for Database Professionals" (Apress 2016), a member of the OakTable network (http://www.oaktable.net/) and alumni Oracle ACE-Director. His special interests are: architecting applications for performance and scalability, database design, and business rules / constraints modeling. He is a long-time champion of the Smart Database paradigm, as witnessed by his authorship of the Helsinki Declaration (IT Version) in 2009.

Follow Toon on Twitter.

AskTOM Office Hours on SmartDB

AskTOM, famous for its exhaustive Q&A on Oracle Database, has added free, monthly trainings and Q&A, in the guise of Office Hours. Subscribe here for reminders to stay up on the very latest with SmartDB!

Resources

NoPLSql and Thick Database Approaches with Toon Koppelaars
Which one do you think requires a bigger database server?

Toon Koppelaars describes an experiment to measure the work done by Oracle Database to complete a specific task using different approaches. The NoPlsql approach treats the database as no more than a persistence layer, using only naive single-row SQL statements; it implements all business logic outside of it. The Thick Database approach treats the database as a processing engine; it uses a combination of sophisticated set-based SQL statements and PL/SQL to implement all business logic inside it. “No business logic in the database” advocates take note: the Thick Database approach gets the task done with far less database work than the NoPlsql approach. 

Guarding Your Data Behind a Hard Shell PL/SQL API

This session examines in practical detail how to ensure that the hard shell of a database’s PL/SQL API is impenetrable. It advocates strict adherence to the principle of least privilege by using a four-schema model (data, code implementation, API, and connect) and invokers rights units together with code-based access control. Scrupulous care is taken to ensure that the privileges needed for installation and patching are not available at runtime, and the approach is reinforced by secure error-handling.

The Database: Persistence Layer (NoPlsql) or Processing Engine (SmartDB)?

Slide deck from Toon's presentations at ODTUG's Kscope17 conference. Toon goes deep into the question of where business logic should reside, and the benefits you get from putting that logic into the database.

Also: Why SmartDB?

How to install a #SmartDB application back-end

The PL/SQL Product Manager offers a "sketch" of how developers and DBAs should set up their application in the database to follow a SmartDB architecture.

Why Use PL/SQL?

Bryn Llewellyn's definitive white paper on the key advantages accrued when you use the PL/SQL language, to build secure, maintainable, high performance applications that guarantee data integrity and consistency.

Doing SQL from PL/SQL: Best and Worst Practices

Assuming you buy into the SmartDB paradigm and will enclose your SQL statements inside  PL/SQL "hard shell", this white paper will help you do it properly.

Moovit: A View From the Trenches

Millions of people develop applications on top of Oracle Database. The most secure and optimized of those applications take full advantage of SQL and PL/SQL. In this CodeTalk webcast, Steven Feuerstein interviews Oren Nakdimon of Moovit (http://moovitapp.com, lead developer for the backend of this popular transit app, to find out just how he and his small team have made the most of PL/SQL, and how they manage their PL/SQL code base.

How to Prove That Your SmartDB App Is Secure

If you are guarding your data behind a hard shell PL/SQL API, then it should be quite easy to prove, that your PL/SQL application is secured against SQL injection attacks. The basic idea is 1) that you do not expose data via tables nor views to Oracle users used in the middle-tier, by end-users and in the GUI; and 2) that you use only static SQL within PL/SQL packages. By following these two rules, you ensure that only SQL statements with bind variables are used in your application, making the injection of unwanted SQL fragments impossible. In this blog post, Philipp Salvisberg shows how to check if an application is complying to these two rules.

Is Your Application SmartDB?

Philipp Salvisberg offers another post and utility for analyzing compliance with SmartDB. He writes:

"I had recently a few discussions regarding the Smart Database Paradigm (SmartDB) with long-standing customers, new customers, partners, competitors and colleagues. Some people think that using APEX and PL/SQL in their database application is SmartDB. But it is not that simple. Bryn Llewelyn defined the term “Smart Database Paradigm” (SmartDB) in his talk Guarding your data behind a hard shell PL/SQL API. Based on his definition a SmartDB application must have the following five properties:
  • The connect user does not own database objects
  • The connect user can execute PL/SQL API units only
  • PL/SQL API units handle transactions
  • SQL statements are written by human hand
  • SQL statements exploit the full power of set-based SQL
"These five properties are not a set of recommendations. They are the bare minimum. Either your application has these properties or not. It’s binary. There is (almost) no room for interpretation....In this blog post I show how to check the compliance with the first three SmartDB properties by querying the Oracle data dictionary. The remaining two SmartDB properties have to be evaluated manually using reviews. The goal is to show that some of these properties are easily not followed (for good reasons) and that makes your database centric application something else than SmartDB (but not necessarily a curate’s egg)."

From the Community

Developers independent of Oracle also promote and teach about SmartDB and related approaches to database-centric development.

From Peter Koletzke (who prefers the term "ThickDB")

Using Thick Database Principles to Leverage Oracle SQL and PL/SQL
Part 1 - Save Cloud Costs and Simplify User Interface Development
Part 2 - Design, Create, and Maintain a Business Rules Repository
Part 3 - Implementation Techniques

From Philipp Salvisberg

Philipp's blog contains a number of posts relating to SmartDB. He has also offered up a variation on SmartDB, which he has named "PinkDB".

The Pink Database Paradigm



Comments

  1. A big thank you for this overview and bundling all these resources. It's something I'll definitely use as a reference in the future.

    ReplyDelete

Post a Comment

Popular posts from this blog

Get rid of mutating table trigger errors with the compound trigger

When something mutates, it is changing. Something that is changing is hard to analyze and to quantify. A mutating table error (ORA-04091) occurs when a row-level trigger tries to examine or change a table that is already undergoing change (via an INSERT, UPDATE, or DELETE statement). In particular, this error occurs when a row-level trigger attempts to read or write the table from which the trigger was fired. Fortunately, the same restriction does not apply in statement-level triggers.

In this post, I demonstrate the kind of scenario that will result in an ORA-04091 errors. I then show the "traditional" solution, using a collection defined in a package. Then I demonstrate how to use the compound trigger, added in Oracle Database 11g Release1,  to solve the problem much more simply.

All the code shown in this example may be found in this LiveSQL script.
How to Get a Mutating Table ErrorI need to implement this rule on my employees table:
Your new salary cannot be more than 25x th…

Quick Guide to User-Defined Types in Oracle PL/SQL

A Twitter follower recently asked for more information on user-defined types in the PL/SQL language, and I figured the best way to answer is to offer up this blog post.

PL/SQL is a strongly-typed language. Before you can work with a variable or constant, it must be declared with a type (yes, PL/SQL also supports lots of implicit conversions from one type to another, but still, everything must be declared with a type).

PL/SQL offers a wide array of pre-defined data types, both in the language natively (such as VARCHAR2, PLS_INTEGER, BOOLEAN, etc.) and in a variety of supplied packages (e.g., the NUMBER_TABLE collection type in the DBMS_SQL package).

Data types in PL/SQL can be scalars, such as strings and numbers, or composite (consisting of one or more scalars), such as record types, collection types and object types.

You can't really declare your own "user-defined" scalars, though you can define subtypes from those scalars, which can be very helpful from the perspective…

Table Functions, Part 1: Introduction and Exploration

Please do feel encouraged to read this and my other posts on table functions, but you will learn much more about table functions by taking my Get Started with PL/SQL Table Functions class at the Oracle Dev Gym. Videos, tutorials and quizzes - then print a certificate when you are done!


Table functions - functions that can be called in the FROM clause of a query from inside the TABLE operator - are fascinating and incredibly helpful constructs.

So I've decided to write a series of blog posts on them: how to build them, how to use them, issues you might run into.

Of course, I am not the first to do so. I encourage to check out the documentation, as well as excellent posts from Adrian Billington (search for "table functions") and Tim Hall. Adrian and Tim mostly focus on pipelined table functions, a specialized variant of table functions designed to improve performance and reduce PGA consumption. I will take a look at pipelined table functions in the latter part of this seri…