Comments on: Two data streams for a happy website http://gojko.net/2008/03/03/two-data-streams-for-a-happy-website/ The Quest for Software++ Sat, 05 Jul 2008 18:50:16 +0000 http://wordpress.org/?v=2.5.1 By: AoD http://gojko.net/2008/03/03/two-data-streams-for-a-happy-website/#comment-26679 AoD Mon, 14 Apr 2008 03:30:56 +0000 http://gojko.net/2008/03/03/two-data-streams-for-a-happy-website/#comment-26679 You're certainly welcome. I suspected it was something like that, but you never want to judge :) You’re certainly welcome. I suspected it was something like that, but you never want to judge :)

]]> By: gojko http://gojko.net/2008/03/03/two-data-streams-for-a-happy-website/#comment-26673 gojko Sun, 13 Apr 2008 22:54:16 +0000 http://gojko.net/2008/03/03/two-data-streams-for-a-happy-website/#comment-26673 Hi AoD, thanks for the tip - apparently someone injected that stuff, my wordpress installation was out of date for two weeks. I removed it. Thanks again. Hi AoD, thanks for the tip - apparently someone injected that stuff, my wordpress installation was out of date for two weeks. I removed it. Thanks again.

]]> By: AoD http://gojko.net/2008/03/03/two-data-streams-for-a-happy-website/#comment-26672 AoD Sun, 13 Apr 2008 22:39:42 +0000 http://gojko.net/2008/03/03/two-data-streams-for-a-happy-website/#comment-26672 What's with the hidden porn links embedded in the article, beginning after the sentence "then the growth options will be severely limited."? Are those intentional, or has someone managed to inject stuff into your page? It took me a minute to figure out why your site was coming up under blocked content... What’s with the hidden porn links embedded in the article, beginning after the sentence “then the growth options will be severely limited.”? Are those intentional, or has someone managed to inject stuff into your page? It took me a minute to figure out why your site was coming up under blocked content…

]]> By: Shiraz Kanga http://gojko.net/2008/03/03/two-data-streams-for-a-happy-website/#comment-25833 Shiraz Kanga Mon, 10 Mar 2008 03:11:23 +0000 http://gojko.net/2008/03/03/two-data-streams-for-a-happy-website/#comment-25833 So then may we have 3 classes of data streams - pure stateless, secure stateless and stateful. So then may we have 3 classes of data streams - pure stateless, secure stateless and stateful.

]]> By: gojko http://gojko.net/2008/03/03/two-data-streams-for-a-happy-website/#comment-25823 gojko Sun, 09 Mar 2008 11:18:24 +0000 http://gojko.net/2008/03/03/two-data-streams-for-a-happy-website/#comment-25823 Hi Shiraz, this is by no means the final partition, but I propose using this as the first one, as it allows you to cache and further partition generic data and remove all the overhead of authentication and SSL without any special analytics. With user-specific data, even if it is stateless, things become a bit tricky. If there is no authentication required by business rules to access such data, then I'd "cheat" and push that as well into generic data servers if possible. For example, personal pages on social networking sites may be considered user specific at first glance, because they are related to a particular user, but they are in fact generic because everyone can access the same details. The site can store your user ID in a cookie and then forward you to the correct profile when you click on "My page" link without touching the database. There is no harm if I see your page, as long as I cannot change it without authentication. If authentication to view the data is required by business rules (for example in a typical e-commerce application) then caching that data and exposing it directly would be considered a <a href="http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=enumerating+users" target="_blank" rel="nofollow">huge security gap</a>. So this data stream has to go though SSL and be protected by proper authentication. Putting it in the same cache as other data would only complicate things for the rest of cache. Depending on business rules, this may be cached as well, but under the umbrella of user specific services. That way the generic data stream remains simple. Hi Shiraz,

this is by no means the final partition, but I propose using this as the first one, as it allows you to cache and further partition generic data and remove all the overhead of authentication and SSL without any special analytics. With user-specific data, even if it is stateless, things become a bit tricky.

If there is no authentication required by business rules to access such data, then I’d “cheat” and push that as well into generic data servers if possible. For example, personal pages on social networking sites may be considered user specific at first glance, because they are related to a particular user, but they are in fact generic because everyone can access the same details. The site can store your user ID in a cookie and then forward you to the correct profile when you click on “My page” link without touching the database. There is no harm if I see your page, as long as I cannot change it without authentication.

If authentication to view the data is required by business rules (for example in a typical e-commerce application) then caching that data and exposing it directly would be considered a huge security gap. So this data stream has to go though SSL and be protected by proper authentication. Putting it in the same cache as other data would only complicate things for the rest of cache. Depending on business rules, this may be cached as well, but under the umbrella of user specific services. That way the generic data stream remains simple.

]]>