web services - Best way to access a remote database: via webservice or direct DB-access?

Question

I'm looking to develop an application for Mac and iOS-devices. The application will rely on information stored in a remote database. It needs both read (select) and write (insert, update, delete) access to the database. The application will be a multi-user application.

Now I'm looking at two different approaches to access the database: - via web service: the application accesses the web service (REST, JSON) which accesses the database. Authentication will be done via HTTP authentication over SSL (https). - access the remote database directly over a VPN.

The app will be used by a maximum of let's say 100 people and is aimed at small groups/organizations/businesses.

So my question is: what would be the best approach to access the database? What about security and performance? What would a typical implementation for a small business look like?

Any advice will be appreciated.

Thanks

Answer 1

Using web services adds a level of indirection between the clients and the database. This has several advantages that are all due to the fact that the clients need to have no knowledge of the database, only of your web service interface. Since client applications are more complicated to control and update than your server side code, it pays to add a level of business logic on the server that lets you tweak your system without pushing updates to the clients. Main advantages:

• Flexibility - you can change the database configuration / replace the data layer altogether and change nothing on the client apps as long as you keep the same web service interface.
• Security - implement some authentication mechanism for your web services, and avoid giving clients access credentials to your database engine.

There are some disadvantages too: you pay for that flexibility by adding a level of complexity - it'd probably be faster to just code the database access into the clients and get done with it. Consider the web services layer as an investment that might pay dividends down the road. Whether it's worth it really depends on your business requirements and outlook.