Field of the invention The disclosure relates to a computer-based arrangement for database communi cation, wherein access to a database by computer systems is controlled.

Description of the related art

In traditional software development processes, there are usually two ways of op- erating a database in a software system. One way is to record/include database connection information, for example database IP, user name, password, port, etc., and database operation logic, for example SQL statements, into a software business code. Another way is to provide a database operation module sepa rately. In this case, the database connection information will exist in a database operation module configuration file as a clear text format, and the database op eration logic will exist in business code of the database operation module.

In a complex software system, the two traditional database operations are not easily applicable to expand the business code. Furthermore, the described known methods of database operation are largely not flexible, because a degree of coupling between business code and database operation code is relatively high. Consequently, a business developer has to write some complex database operation SQL statements when writing business code. As a result, the technical requirement on the business developer, i.e. the database expertise, is relatively high, and code development is difficult. Moreover, the development cycle is long, and it is often difficult to achieve the targeted development goal. Besides this, the database connection information and database logic will be ex posed to software business code or configuration file in the two traditional data base operation methods. This poses a potential risk to data security.

As agile development mode grows in popularity for software processes, the de mand for software development delivery progress and software quality will be come more critical. Due to the above-mentioned technical problems, the two traditional database operation methods cannot satisfy the progress and quality requirements in agile development mode.

There is a desire to provide a computer-based arrangement for database com munication, wherein a high degree of decoupling and encapsulation between a computer system and a database is ensured.

Summary of the invention

The problem to be solved by the invention is to provide a computer-based ar rangement for database communication which allows a high degree of decou pling between business code provided on a first computer system (application side) and database operation code provided on a second computer system (data service side). It is further desired to have a high architectural flexibility.

Solutions of the problem are described in the independent claims. The depend ent claims relate to further improvements of the invention.

An embodiment of a computer-based arrangement for database communication comprises a first computer system for executing at least one application pro gram, and a second computer system for providing at least one database and for evaluating data of the at least one database. The first computer system and the second computer system are configured to communicate with each other. The second computer system is configured to encapsulate the at least one database so that a direct access to the at least one database by the first computer system is prevented.

The first computer system is configured to send a communication request to the second computer system. The second computer system is configured to evaluate the communication request and to access the data of the at least one database in response to the communication request. The second computer system is con figured to process the data of the at least one database by executing a data oper ation and to provide a data operation execution result. The second computer system is configured to return response data to the first computer system in re sponse to the data operation execution result.

According to a possible embodiment of the computer-based arrangement, the second computer system may comprise a reverse proxy server being configured to receive the communication request from the first computer system.

According to a further embodiment of the computer-based arrangement, the second computer system may comprise a database server being configured to encapsulate database stored procedures and functions so that direct access to any database operations and raw data of the at least one database by the first computer system is prevented. Any database operation logic may be encapsu lated in the database stored procedures and functions.

In an embodiment, the communication is stateless. The first computer system and the second computer system may include a software architecture configured to use a stateless communication. There may be no context of the first computer system stored on the second computer systems between requests. Each request from a first computer system may contain all the information necessary to ser vice the request, and the session state is held in the first computer system. A ses sion state may be transferred by the second computer system to another service such as a database to maintain a persistent state for a period and allow authenti cation. Such a stateless architecture allows switching between different second computer systems (or different computers of the second computer system) and using different reverse proxy servers, which provides a further decoupling be tween the first computer system and the second computer system.

According to another embodiment of the computer-based arrangement, the sec ond computer system may comprise a data encapsulation server being config ured to execute the database stored procedures on the database server. The da tabase server may be configured to provide the data operation execution result to the encapsulation server. Furthermore, the encapsulation server may be con figured to encapsulate the data operation execution result and to return the en capsulated data operation execution result to the reverse proxy server. Any data base connection information may be stored in a configuration file on the encap sulation server. The reverse proxy server may be configured to return the encap sulated data operation execution result as the response data to the first com puter system.

The computer systems may be configured to use a representational state trans fer (REST) software architectural style.

According to a preferred embodiment of the computer-based arrangement, the first computer system may be configured to communicate with the second com puter system by sending a HTTP request to the reverse proxy server. In particu lar, the first computer system may be configured to send the HTTP request to the reverse proxy server by using a RESTful API communication architecture.

According to a possible embodiment of the computer-based arrangement, the reverse proxy server may be configured to parse the HTTP request and to con vert the HTTP request to a database request. The database request is configured to provide access to one of the database stored procedures. The reverse proxy server is configured to forward the database request to the encapsulation server.

The proposed computer-based arrangement for database communication can solve the database operation problems mentioned above for the traditional soft- ware development process. Since the business code is provided in the first com puter system on the application side, there is no database connection infor mation and database operation logic included in the application business code.

The business code and the database operation code rather exist in respective, separate code files and configuration files. In particular, the business code of the application side exists in the first computer system and the database operation code, i.e. the code files and configuration files, exists in the second computer sys tem.

Consequently, adding/modifying the code on one side/computer system will not affect the code on the other side/computer system. As a result, the proposed computer-based arrangement for database communication provides a high de gree of decoupling between business code on the application side of the first computer system and database operation code on the data service side of sec ond computer system.

According to the proposed computer-based arrangement for database communi- cation, the application side realized on the first computer system and the data base service side realized on the second computer system are completely iso lated so that database operation logic is completely hidden and totally invisible for the application business side. In particular, there is no database operation logic is included in the application business code of the first computer system, and all the database operation logic on the second computer system will be en capsulated into database stored procedures and functions. The database connec tion information may only be provided on the data encapsulation server. The only way to access the database from the application business side, i.e. the first computer system, is to send a communication request, for example a call of the RESTful API. In addition to the use of a data encapsulation server which is not visible from the application side of the first computer system, the backend data base server/data base instance server can only communicate with the data en capsulation server so that data security is ensured.

The second computer system of the data service side may comprise multiple re verse proxy servers and encapsulation servers. Moreover, it is possible to config ure and bind various logic of RESTful APIs to different encapsulation servers on reverse proxy servers. It is also possible to deploy multiple database servers to handle the same data business using master-slave mode.

In conclusion, the computer-based arrangement for database communication can support database service load balance and high availability perfectly. Moreo ver, it is possible to deploy multiple database servers, split the database read and write operations into different databases, and reduce the database pressure. Furthermore, the proposed computer-based arrangement provides support of micro service and SOA architecture as well as support of a cloud server architec ture.

In the case that an application has some database operation requirements, the computer-based arrangement for database communication allows to add/modify the stored procedures in the database and modify the configuration file on the reverse proxy server to set up any mapping relationship between new RESTful APIs and database stored procedures. As a result, any development work can be finished on a database service layer realized on the second computer system of the data service side.

When working with the proposed computer-based arrangement for database communication, application business developers only need to focus on the business code used in the first computer system of the application side. There is no need to be concerned with the database service layer implementation on the second computer system. All the database service layer operations may be im plemented by professional database developers. Application business code de velopers and database developers can do their work in parallel so that the com puter-based arrangement for database communication allows to perfectly satisfy the progress and quality requirements in agile development mode.

Additional features and advantages are set forth in the detailed description that follows. It is to be understood that both the foregoing general description and the following detailed description are merely exemplary, and are intended to provide an overview or framework for understanding the nature and character of the claims.

Description of Drawing

In the following the invention will be described by way of example, without limi tation of the general inventive concept, on examples of embodiment with refer ence to the drawings.

The figure shows an embodiment of a proposed computer-based arrangement 1 for database communication comprising a first computer system on the applica tion side and a second computer system to realize a data service side.

The figure shows the first computer system 10 for executing at least one applica tion program, and the second computer system 20 for providing at least one da tabase 300a, 300b and 300c and for evaluating data of the at least one database. The first computer system 10 and the second computer system 20 are configured to communicate with each other. In particular, the second computer system 20 on the data service side is configured to encapsulate the at least one database 300a, 300b and 300c so that a direct access to the at least one database, in par ticular to any raw data of the at least one database, by the first computer system 10 of the application side is prevented.

The first computer system 10 is configured to send a communication request to the second computer system 20. The second computer system 20 is configured to evaluate the communication request and to access the data of the at least one database 300a, 300b and 300c in response to the communication request. The second computer system 20 is configured to process the data of the at least one database 300a, 300b and 300c by executing a data operation and to provide a data operation execution result. The second computer system 20 is configured to return response data to the first computer system 10 in response to the data op eration execution result.

The application side, which is realized on the first computer system 10, refers to a series of applications which need to access a database. According to the pro- posed computer-based arrangement 1 for database communication, the applica tion side communicates with a database service side through a communication request which is sent from the first computer system 10 to the second computer system 20 or by response data which are sent from the second computer system 20 to the first computer system 10. The second computer system 20 comprises a reverse proxy server 100 being con figured to receive the communication request from the first computer system 10. The first computer system 10 may be configured to communicate with the second computer system 20 by sending a HTTP request to the reverse proxy server 100. In particular, the first computer system 10 may send the HTTP re- quest to the reverse proxy server 100 by using a RESTful API communication ar chitecture. The second computer system 20 further comprises a database server BOO being configured to encapsulate database stored procedures and functions so that a di rect access to any database operations by the first computer system 10 is pre vented. Any database operation logic is encapsulated in the database stored pro- cedures and functions to which there is no access for the first computer system 10, i.e. the application side.

The second computer system 20 further comprises a data encapsulation server 200 being configured to execute the database stored procedures on the data base server 300. In particular, the database server 300 is configured to provide the data operation execution result to the encapsulation server 200. The encap sulation server 200 is configured to encapsulate the data operation execution re sult and to return the encapsulated data operation execution result to the re verse proxy server 100. The reverse proxy server 100 is configured to return the encapsulated data operation execution result as a response data to the first com- puter system 10.

In the following, an exemplified communication process between the first com puter system 10 of the application side and the second computer system 20 of the data service side is described.

As explained above, the first computer system 10 of the application side may communicate with the second computer system 20 of the database service side through a RESTful API. For example, the first computer system 10 of the applica tion side starts a HTTP request through the RESTful API to the reverse proxy server 100.

In particular, the reverse proxy server 100 converts the RESTful communication request from the first computer system 10 to an easy-to-handle database pack- age/database stored procedure request, and then forwards the converted re quest to the data encapsulation service provided by the data encapsulation server 200. In particular, the reverse proxy server 100 receives the HTTP request which comes from the first computer system 10 of the application side, parses the HTTP request and repackages it to another HTTP/WSGI/UWSGI request, then forwards the new HTTP/WSGI/UWSGI to the data encapsulation server 200 for further processing.

The data encapsulation server 200 connects the database server S00 for execut ing the database stored procedures. In particular, the data encapsulation server 200 receives HTTP requests from the reverse proxy server 100. It parses the HTTP method and database stored procedure name and the corresponding pa- rameter values in a request string. Then, the data encapsulation server 200 exe cutes the database stored procedures on the database server 300 using the data base connection configuration information. The data encapsulation service pro vided by the data encapsulation server 200 bridges the connection between the RESTful request and the database. The database server 300 returns the data operation execution result back to the data encapsulation server 200. In a next step, a data processing program imple mented on the data encapsulation server 200 will encapsulate the execution re sult to a unified data format, for example into JSON format data, and return the encapsulated data operation execution result to the reverse proxy server 100. The data processing program on the data encapsulation server 200 needs to in clude several modules, for example a database connection module, an exception handler module, a parameter parse module, a database stored procedure execu tion module, and a database execution result processing module (processed into RESTful JSON format). The reverse proxy server 100 returns the encapsulated data operation execution result, for example the JSON format data, as response data to the first computer system 10 of the application side. The reverse proxy server 100 can be deployed in open source reverse proxy soft ware. The software to be used can be Nginx or Apache. The reverse proxy server 100 is embodied to configure the target server (data encapsulation server 200) to which the HTTP requests from the application side need to be forwarded. All the configurations on the reverse proxy server 100 can exist in a configuration file.

The data encapsulation server 200 will be deployed in open source UWSGI ser vice, customized data processing program which supports UWSGI and HTTP pro tocol. The data processing program can be developed through one of C, C++, JAVA, C#, PYTHON, GO, etc. The connection and login information of the data base server S00 will be recorded in the configuration file on the data encapsula tion server 200. The data encapsulation server 200 interacts with the database server 300 directly to carry out the data manipulation requests. According to a possible embodiment, the data encapsulation server 200 will encapsulate any database return result into a JSON format string.

The database server 300 will be deployed as a database system. The candidate database system can be ORACLE, MYSQL, SQL SERVER, etc. All the database op erations from the application side will be encapsulated to database stored proce dures and functions. All the database operations will be invisible to the applica- tion side. The database operation may include commands such SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, TRUNCATE, RENAME, ALTER, AUDIT, GRANT, COMMIT, ROLLBACK, etc.