Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase «««123

Rendering PDFs Natively in SQL Expand / Collapse
Author
Message
Posted Thursday, May 9, 2013 8:15 AM
Valued Member

Valued MemberValued MemberValued MemberValued MemberValued MemberValued MemberValued MemberValued Member

Group: General Forum Members
Last Login: Wednesday, June 25, 2014 4:22 PM
Points: 52, Visits: 405
As @johannconsult's points out, neither this approach nor any other can eliminate malicious tampering with the output. However, using a PDF does discourage tampering more than some other approaches. For example, serving a JPG and overlaying HTML text client-side would make it easier for a user to tamper with output.

Comparing apples to apples (i.e. generating the PDF at the SQL Server vs. the web server): tamper-resistance is implementation specific. It would be possible to have a good web server-based implementation...but it would also be possible to have a poor implementation that accidentally exposed undesired data or functionality.

Some aspects of architecture are subjective, and some decisions are made with an eye on factors such as separation of concerns. In this particular example, I'd prefer not to have to trust the web servers for the integrity of the coupon image. I don't want it to be possible for the web server to accidentally get the wrong serial number on the wrong background image, to serve the same coupon more than once, to expose a means for a user to overlay arbitrary text on a coupon image, etc.

The approach in the article tries to minimize points of failure, minimize the surface area, and to minimize amount of code and number of platforms to debug. But this approach also simplifies life by not requiring the involvement of the web developer in development, support or maintenance of core business-critical functionality. There is good centralized visibility into exactly what was served, with no opportunity for the user to receive something other than what the database thought the user received. Change control is more easily enforced, yet changes are simpler to make when needed. These are a few of the benefits of this particular architecture.

The article is clearly not saying that SQL-side PDF generation is best in every case. Yet in this specific example there is an elegance to having all business logic and coupon-generation functionality encapsulated in the database. Yes, this needs to be weighed against other factors such as scalability. There are no free lunches--but there are no one-size-fits-all solutions either. Good architects make appropriate decisions in view of many factors.

Regarding "scalability": a good architect will understand requirements and make decisions accordingly. Do I need to serve up hundreds of coupons? Thousands? Millions? Am I providing a general service that needs to serve up buzillions of coupons from every manufacturer on earth, or am I serving up coupons for individual small vendors? Does everything need to live in one monster SQL instance, or should each vendor have their own SQL instance? Multi-tenant or single-tenant? Serving directly to consumers, or via API through affiliate partners? and so on...

I'm always amazed at the number of people that blindly cry "scalability" as some sort of a trump card without understanding the requirements first. Scalability is only one of many factors--and it is not necessarily the most important. Not every application needs to be prepared for an infinite growth in usage. What is more, there are lots of ways to scale--even if the architect decides to centralize functionality in SQL.

Consider just a few options in this example: farm of linked SQL servers for rendering PDFs (possibly even SQL Express as Ted Cooper-351490 suggested), separate SQL servers for each vendor, pre-render and store batches of unissued coupons, scale up hardware, and many more. This approach is not a "dead-end" street with respect to scalability.

What's more, until you benchmark and profile the end-to-end solution, you really don't know how resources are consumed. It could be that rendering the PDF is nowhere close to being the limiting factor for performance and scalability. But more importantly, no one who naively cries "scalability" without knowing the requirements really has much to contribute. In the absence of understanding and addressing requirements, that cry is little more than a DBA trying to look out for himself without concern for the overall solution.

I say this not to be defensive, but to try to be helpful and instructive. Yes, I understand that the role of the DBA is to protect the database...but the database is one element of an overall architecture that exists to serve a business purpose. The more that a DBA (or any individual) can understand and contribute to the ultimate business purpose, the greater value that person can offer.
Post #1451140
Posted Thursday, May 9, 2013 9:18 AM


SSCarpal Tunnel

SSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal Tunnel

Group: General Forum Members
Last Login: Monday, July 21, 2014 11:49 PM
Points: 4,973, Visits: 11,660
I'm at risk of sounding repetitive I know - sorry but I couldn't resist trying again.

Here is a link to the Wikipedia definition of 'rendering'.

It relates to the generation and display of graphic output - not to the generation of files.



Help us to help you. For better, quicker and more-focused answers to your questions, consider following the advice in this link.

When you ask a question (and please do ask a question: "My T-SQL does not work" just doesn't cut it), please provide enough information for us to understand its context.
Post #1451186
Posted Thursday, May 9, 2013 9:31 AM
Valued Member

Valued MemberValued MemberValued MemberValued MemberValued MemberValued MemberValued MemberValued Member

Group: General Forum Members
Last Login: Wednesday, June 25, 2014 4:22 PM
Points: 52, Visits: 405
@Phil:

Not to belabor the point... but "generation and display of graphic output" sounds like it applies to a PDF...as well as JPG, PNG, HTML, etc. "Rendering" is not format-specific.

In common usage, web developers talk about "rendering" web page output. Browsers have rendering engines. Sometimes developers even call the process of preparing server-side emitted HTML and Javascript as "rendering".

I'm sorry you object to the use of the word "rendering" to refer to combining textual + graphical elements and outputting them as a new graphical image...but I think I have used the word appropriately.

Not to nit-pick, but you say"...not to the generation of files". Nothing in this article has anything to do with files per-se...only a stream of "rendered" graphical data. (The sample test code does save this to a file for demonstration purposes, but otherwise files are not used.)

I'm not being testy, and this isn't a hill I'd want to die on...but I stand by my usage of the word.
Post #1451195
Posted Thursday, May 9, 2013 9:45 AM


SSCarpal Tunnel

SSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal Tunnel

Group: General Forum Members
Last Login: Monday, July 21, 2014 11:49 PM
Points: 4,973, Visits: 11,660
David Rueter (5/9/2013)
@Phil:

Not to belabor the point... but "generation and display of graphic output" sounds like it applies to a PDF...as well as JPG, PNG, HTML, etc. "Rendering" is not format-specific.

In common usage, web developers talk about "rendering" web page output. Browsers have rendering engines. Sometimes developers even call the process of preparing server-side emitted HTML and Javascript as "rendering".

I'm sorry you object to the use of the word "rendering" to refer to combining textual + graphical elements and outputting them as a new graphical image...but I think I have used the word appropriately.

Not to nit-pick, but you say"...not to the generation of files". Nothing in this article has anything to do with files per-se...only a stream of "rendered" graphical data. (The sample test code does save this to a file for demonstration purposes, but otherwise files are not used.)

I'm not being testy, and this isn't a hill I'd want to die on...but I stand by my usage of the word.


Ah, me neither and I'm happy that you've been so constructive in your response. My sense of 'rendering' is that it must include the action of displaying - so, for example, a JPG is rendered only when it is displayed, not when it is created.



Help us to help you. For better, quicker and more-focused answers to your questions, consider following the advice in this link.

When you ask a question (and please do ask a question: "My T-SQL does not work" just doesn't cut it), please provide enough information for us to understand its context.
Post #1451212
Posted Friday, May 10, 2013 9:06 PM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: General Forum Members
Last Login: Friday, May 10, 2013 9:05 PM
Points: 3, Visits: 0


Wonderful.

Share a website with you ,

( http://www.ccmalls.net/ )

Believe you will love it.

We accept any form of payment.
Post #1451800
Posted Saturday, May 11, 2013 12:42 PM


SSC-Dedicated

SSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-Dedicated

Group: General Forum Members
Last Login: Today @ 12:18 AM
Points: 36,751, Visits: 31,202
ccmalls29 (5/10/2013)


Wonderful.

Share a website with you ,

( **website removed** )

Believe you will love it.

We accept any form of payment.


SPAM reported.


--Jeff Moden
"RBAR is pronounced "ree-bar" and is a "Modenism" for "Row-By-Agonizing-Row".

First step towards the paradigm shift of writing Set Based code:
Stop thinking about what you want to do to a row... think, instead, of what you want to do to a column."

(play on words) "Just because you CAN do something in T-SQL, doesn't mean you SHOULDN'T." --22 Aug 2013

Helpful Links:
How to post code problems
How to post performance problems
Post #1451852
Posted Sunday, May 12, 2013 10:22 AM


SSCarpal Tunnel

SSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal Tunnel

Group: General Forum Members
Last Login: Monday, July 21, 2014 11:49 PM
Points: 4,973, Visits: 11,660
ccmalls32 (5/12/2013)


Wonderful.

Share a website with you ,

( http://www.ccmalls.net/ )

Believe you will love it.

We accept any form of payment.


Spam reported again.

Please go away ccmalls.



Help us to help you. For better, quicker and more-focused answers to your questions, consider following the advice in this link.

When you ask a question (and please do ask a question: "My T-SQL does not work" just doesn't cut it), please provide enough information for us to understand its context.
Post #1451916
« Prev Topic | Next Topic »

Add to briefcase «««123

Permissions Expand / Collapse