Save temporary data to the array or query the database

Asked

Viewed 137 times

2

It is necessary to check whether the user is allowed to view/edit data from a particular client.

This verification occurs in almost all application operations.

Currently when logging into the application, I only query the database and check which clients are associated with the user and save in a session.

When it is necessary to check if the user is allowed to view/edit client data, I do a session FOR and check if the client ID exists.

It turns out that there are users with permission to view/edit 5 clients and others with 300.
Recording in session and doing a FOR will always be faster than a database query?

OBS.: data integrity is not a concern, only if reading an array will be faster than reading the database.

logic

  • And if you used an ACL (Access Control List)? In that, for example, done in PHP, you would create the Handler and a Roll for the logged in user and then add a Resource (addition, editing...) for each client that the user would have permissions. If any Resource, of any client, if prohibited, as exclusion, you would create a denial rule. And on each page you would check permissions and authorize or not.

2 answers

2

What happens if during the section a new client is removed or authorized for that logged in user?
The way you are doing if the user never leaves the system he will never lose access or acquire new accesses.

Make queries whenever necessary, so you ensure that the user will always be doing what he can and will not be doing what he can’t do.

As much as you lose a few microseconds running the query, this failure may compromise the overall system integrity.

  • 1

    Actually the question itself already answers: If the data is TEMPORARY it has no sense to cache. Now a caveat is that memory queries are much faster than disk queries, so say that it will lose onlyfew micro seconds is a bit frivolous.

  • Regardless of how much time he spends, maintaining system integrity for sure is more important.

  • But who said this will cause any inconsistency? What if this information does not change frequently? There is no silver bullet partner. Each case is a case.

  • Right, but that’s been thought through, every time a user loses access to a customer, their session is automatically terminated. Another point is that this information does not change frequently.

  • Then this answer already falls apart. It does not apply.

  • 1

    In fact this information is important, and should be in the question, who is responding has no way to deduce how your software works

  • Another thing, with this you lose a lot with usability in your application, whenever the level of access change I will have to re-enter the system? It’s either that or I got it wrong?

  • @Erloncharles yes, but it is not something that will change frequently, they will be rare cases.

Show 3 more comments

2

You should measure what is most important in your system and what are the consequences of each decision.

  1. Check the data bank ensures that your system will not suffer from possible inconsistencies that may occur should any of these access rules change throughout the session.

Searching in the database is easier and safer indeed. However it is expensive and many queries can compromise the performance of your system.

  1. In-Memory Query: If this permissions structure is something that will hardly change I see no problem working with memory records. In memory queries are infinitely faster than disk queries (in this case, database).

In most cases searching for an element in the list will be faster than searching for an element in the database, but it is not 100% correct because there are techniques and situations that can improve or worsen performance, such as creating indexes in the database, Use of optimized search lists can optimize the search. The list is too long and the element may be at the end of it and a poorly designed bank can slow down the search.

I would particularly work with data in-memory if you were with a scenario like yours.. There are many factors and you should take all this into consideration.

  • That last sentence of yours makes me think of qualifying this question as mainly based on opinions.

  • 1

    This is not the case. Although there are many variables it is possible to arrive at a solution. The scenario is well described.

Browser other questions tagged logic

You are not signed in. Login or sign up in order to post.