Dear friends, we are pleased to announce that after hard work that we've done the goal is very close. Only 2 weeks before the conference, that we have been preparing for almost a year. We are confident that our work will not pass in vain, and you will be happy with the result. In the meantime, another digest of the teasers that were announced this week!
Drug-free Web development with PostgreSQL and c2h5oh
The talk will be about Web programming. When building Web projects, well-known frameworks written in PHP, Python, Perl, Ruby, Java and so on are employed. I propose to turn them down and use only PostgreSQL and C2H5OH, an extension for the high-performance server nginx, for development of Web applications. This extension allows for effective utilization of PostgreSQL as a Web application server. I intend to share my personal experiences of development with mentioned instruments, explaining their pros and cons.
Bullet-proof backend on PostgreSQL
At the present moment, when frameworks are capable of protecting your application from injections and cross-site scripting straight "out of the box" and writing SQL all by themselves, it's quite easy to feel safe and comfortable, and lose control over your data.
In a typical Web application, queries to database objects are performed by the same database user who created those object. In such case, a vulnerability in the application's code equals theft and/or destruction of all information. Experienced developers sometimes restrict privileges for performing the most "tough" command, such as DROP TABLE / DATABASE or even create separate users who are only able to read or write into specific tables.
Unfortunately, even such an approach is futile. An intruder, once received access to the database under application user's credentials who possesses a read-only access, would be able to scan the whole table which could be critical and unacceptable by the business. A Row-Level Security Policy (RLS) feature was announced for the 9.5 version of PostgreSQL. However, as the bright future has yet to come, our task is to make a bulletproof back-end by employing stored procedures.
How to create database users properly? How to transfer application-level logic into stored procedures and grant relevant privileges in order to protect the data sufficiently? How to test and deploy changes to back-end that was designed in such manner?
Improving Postgres' concurrency
Postgres has for a long time been lauded to handle concurrency well, being able to process more requests if additional resources (CPUs) are added. Unfortunately, after that had been determined many years ago, not much work had been put into the topic. But since then the number of cores and the general architecture of parallel systems have changed, which to led to the situation when we don't scale as well as we'd like.
I'll talk about recent changes to scalability (9.2, 9.5) that improved things considerably and what the biggest remaining scalability concerns are.
Some of the remaining issues can mainly be addressed by changing Postgres, others can be worked around on the application side.
Green light for developers — from start-up to the stars
We are Zalando, one of the biggest online stores that sells fashionably clothes in Europe. Just in five years of its existence the company attracted more than 13 millions of active buyers from 15 countries of European Union. At the present moment more than 800 developers and product managers continue to improve and expand our service.
PostgreSQL plays one of the key roles in Zalando's success. A small team of database engineers managed to employ foremost features of PostgreSQL by means of removing the difficulties pertaining to modification of the data model and the storage itself, inherent in many other relational databases. This gave our developers a green light for rapid and continuous improvement of the product.
I will tell you about the necessary processes, practices and peculiarities of utilizing PostgreSQL in agile teams. I will also present our open-source software that makes the life easier for all developers and those DBAs who are still encountered in the wild life.
Subscribe to news and events:
