Why server-side formulas matter (from a business orientation)
Fri 7 Feb 2020, 12:09 PMTweet
by Ben Langhinrichs
If you saw my post announcing our Exciton product line and the Exciton Boost beta, Get your excite on! or watched the preview video, you may have wondered what the big deal was about SSFS, or Server-Side Formula Support. I thought I'd lay out one quick business case.
Scenario: Triggering a tender offer
A mobile web application is built which allows brokers to trigger tender offers. All they really need to transmit up the line is a status change on the offer sheet, changing a text value from Pending to Active. But it is critical that the pricing information and assigned broker on the tender offer are accurate and up-to-date, so data must be pulled into the tender offer from both the volatile Pricing database and the less volatile Broker Manager database to be sure up-to-the-second prices are correct and that a Broker Manager with a status of Available is used.
Using an authenticated session with domino-db, a simple query is passed up matching the selected offer and the text value of Status is set to Active. The broker executing the command doesn't need to know, but it looks something like this:
This changes the status, saves the Tender Offer, and....
At this point, a few things could happen.
Option 1: Web App queries for the data
The web app could query both the Pricing and Broker Manager databases, then send another message to update the Tender Offer, but if anything chokes, it is out there and active with the wrong information. Or the web app could have queried those pieces of information and set all three at once, but if anything chokes, the pricing information might be stale before the status is changed. In either case, information that does not belong on the client must be transmitted down, and access to the Pricing database from domino-db must be allowed.
Problem: Who let the data out?
But a key component of security is that you keep data where it is needed and secure, and let as little as necessary out of the secure environment. In other words, even if the credentials are good and the application is presumed to be secure, don't transmit any more information down to the client than necessary.
Option 2: Agent acts on new and modified documents
Another option is to have an agent on the server checking for new and modified documents. It can do the queries, set the data, etc.
Problem: Time is of the essence
The new and modified agent isn't triggered by a change like an event. Instead, it periodically scans the database. That may happen every five minutes or every hour, but it always leaves a window where the document may not be up-to-date. We could have the web app change the status to AlmostActive, and have the agent change it to really Active, but in that interval, the broker thinks it has been activated when it really hasn't.
If this were a regular web app instead of Node.js, there could be a WebQuerySave agent on the form, but those don't trigger for domino-db.
Option 3: SSFS (Server-side formula support)
With our Exciton Boost product, the logic could be changed to do @DbLookups or even more complex formulas to retrieve the correct data. It would happen simultaneously with the save, so if the lookups failed, the status change would fail. Since these are server-side, databases can be accessed with the credentials of the user but without providing direct access to the client.
Copyright © 2020 Genii Software Ltd.
What has been said: