At presentations, people sometimes suggest that having syntax like 'DELETE FROM valuable_resource' is inherently dangerous.
Why is it more dangerous than the subject line, a syntactically valid ReST request, that achieves a similar result?
Either one is safe, if the authorization is handled correctly. The SQL syntax, though, is immensely more powerful, as the request can be arbitrarily complex, with built-in filtering conditions.
A sample query:
SELECT DISTINCT word,
       array_agg(lemma) AS lemmas,
       bool_or(pronoun_suffix) AS suffix,
       array_agg(part_of_speech) AS pos,
       array_agg(part_of_speech_detail) AS posd,
       ARRAY(SELECT alt FROM alt_words a WHERE a.word = w.word) AS alts,
       min(lemma_idx) AS idx
  FROM wordlist w
 WHERE word IN (
       SELECT min(word)
         FROM wordlist w
        WHERE (substring(word FROM 1 FOR 1) = %s OR substring(word FROM 1 FOR 1) = %s)
        GROUP BY substring(word FROM 1 FOR 3)
       )
 GROUP BY word
 ORDER BY word ASC
 LIMIT 1000;
The above query returns a word list reduced so that consecutive words do not differ before the 4th character: of each group of words sharing the same first three characters, only the smallest is kept. This may seem like an arbitrary example chosen for rhetorical effect, but it is an excerpt from a working app.
The SQL query can be written by the front-end programmer to suit his or her particular needs. The same flexibility could be built into a ReST request handler, but then it would no longer be front-end code. Rdbhost lets you, the front-end programmer, write powerful server queries directly in your browser code.
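As an added example (not from this post and not Rdbhost's code), here is a SQLite port of the inner subquery above that shows both halves of the argument: the first-letter filters travel as bound parameters, so whatever the browser sends is compared as a literal value, and the connection is opened read-only with PRAGMA query_only, so a front-end-sent DELETE is refused by the database rather than by the query syntax. The word list, the table layout and the substr/group_concat substitutions for PostgreSQL's substring/array_agg are assumptions of this example.

```python
import sqlite3

# Constructed sample data (word, lemma, lemma_idx); not the app's real wordlist.
WORDS = [
    ("abandon", "abandon", 1), ("abandoned", "abandon", 2), ("abase", "abase", 3),
    ("abbey", "abbey", 4), ("able", "able", 5), ("abler", "able", 6),
    ("baby", "baby", 7), ("back", "back", 8), ("bacon", "bacon", 9), ("bad", "bad", 10),
]

# SQLite port of the page's query: substr() for substring(... FROM ... FOR ...),
# group_concat() for array_agg(). sqlite3 uses ? where psycopg uses %s; in both
# cases the driver binds the values, it never splices them into the SQL text.
REDUCED_QUERY = """
SELECT word, group_concat(lemma) AS lemmas, min(lemma_idx) AS idx
  FROM wordlist w
 WHERE word IN (
       SELECT min(word) FROM wordlist
        WHERE substr(word, 1, 1) = ? OR substr(word, 1, 1) = ?
        GROUP BY substr(word, 1, 3))
 GROUP BY word ORDER BY word ASC LIMIT 1000
"""


def open_db(readonly=True):
    """Load the sample table; with readonly=True the connection then refuses writes."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE wordlist (word TEXT, lemma TEXT, lemma_idx INTEGER)")
    conn.executemany("INSERT INTO wordlist VALUES (?, ?, ?)", WORDS)
    if readonly:
        conn.execute("PRAGMA query_only = 1")  # the 'authorization' for this demo
    return conn


def reduced_words(conn, first1, first2):
    """One word per 3-letter prefix, among words starting with first1 or first2.

    A value such as "a' OR '1'='1" is bound as a 13-character string, which no
    single-character substr() result can equal, so it simply matches nothing.
    """
    return [row[0] for row in conn.execute(REDUCED_QUERY, (first1, first2))]


def delete_allowed(conn):
    """True if 'DELETE FROM wordlist' runs; False when query_only blocks it."""
    try:
        conn.execute("DELETE FROM wordlist")
        return True
    except sqlite3.OperationalError:  # "attempt to write a readonly database"
        return False
```

The same idea scales up in PostgreSQL by running front-end queries under a role that has SELECT but not DELETE on the table.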