IntroductionIntroduction
  InstallingInstalling
  HandlingHandling
  Virtual serversVirtual servers
  ModulesModules
  FilesystemsFilesystems
  RXML tagsRXML tags
  GraphicsGraphics
  ProxyProxy
  Miscellaneous modulesMiscellaneous modules
  Security considerationsSecurity considerations
  ScriptingScripting
  DatabasesDatabases
    <SQL module>SQL module<SQL module>SQL module
    <SQL databases>SQL databases<SQL databases>SQL databases
    <SQL user database>SQL user database<SQL user database>SQL user database
    <ODBC>ODBC<ODBC>ODBC
  LDAPLDAP
  FrontPageFrontPage
  UpgradingUpgrading
  Third party extensionsThird party extensions
  PortabilityPortability
  Reporting bugsReporting bugs
  AppendixAppendix
 
Databases

Combining databases with the web has many uses. The web is very good for presenting data from databases and for making database driven applications available to the whole world. Challenger includes modules for database connections. These modules, together with such modules as Business Graphics and Wizard, makes it simple to do reports from databases as well as applications. Challenger also contains a module that uses a table stored in a SQL database for doing user authentication.

Challenger needs a Pike module to be installed if it is to connect to a certain kind of SQL database. By default, modules for the free databases ODBC, mSQL, MySQL and Postgres are provided. Modules for connecting to Oracle, Informix are available with the full Roxen Platform.

Database URLs
A connection to a database is specified with an URL-like syntax:

dbtype://user:password@db.host/dbname
The database type dbtype is one of msql, mysql, postgres, or odbc. The user and password are used for authentication of the user in the database server, db.host is the name of the machine running the database server and dbname specifies the name of the particular database.

Symbolic names
You do usually not want to specify a full database URL in a RXML tag. With the SQL Databases module you can give symbolic names to database URLs. This makes it unnecessary to have any database passwords in the actual web pages. It also makes it possible to change databases without changes to the pages.

Security considerations
Your foremost security consideration when it comes to databases is to make sure that only the SQL queries you intend get sent to the database. This means handling user input in such a way that it can never change the actual SQL query. This is done through quoting. The formoutput page in the Web Site Creator manual documents shows how to do it in RXML.

To reduce your risks, use the access control system of your database to make sure Challenger only has permission to do what it actually needs to do. If you use Challenger to provide reports from the database, Challenger should only be able to read tables, never modify them.