[progress Communities] [progress Openedge Abl] Forum Post: Re: Questions From My Recent...

Mark Biamonte

I recently presented at a local meetup and the audience were highly technical. I am posting some of their questions that were a little technical:

1. How can we manage the version of the JSON? Does OData accept header/mimetype? Can we map schemas to specific JSON versions?

I am not sure what is meant by “version of JSON”. Are they asking about the model exposed by OData? The JSON that is returned from a query is defined by the model. If the model changes, the JSON in the response will change. In the OData 4.0 spec the CSDL syntax that is used to define the OData model does not have a way to assign a version to a model. The intent was that once an OData API was published at a given URL, its model would not change. If there was a change to the model, then a new (possibly versioned) URL would be provided. There were enough requests though for being able to version the model that a SchemaVersion annotation was added to the CSDL in the coming OData 4.01 specification. A specific version of the model can be requested with the SchemaVersion request header for OData 4.01.

2. How is pagination taken care of when the data is frequently changing like in the case of Twitter or Tumblr?

Pagination is done on a per query basis. Typically if query capability is done on a streaming service like Twitter, then the query is done for a particular time slice. If there is more data in that time slice then the data will be broken up into pages.

3. Can we perform Joins across federated databases?

OData does not preclude federating data from multiple sources. D2C / HDP does not currently support joining data across multiple data sources.

4. Is OData susceptible to SQL injection or other security attacks?

The first part of this query is like asking if SQL is susceptible to SQL injection attacks. OData is a query language with which you can query anything that is exposed by the model. Like SQL, if the application only wants to expose certain parts of the model, the application will need to provide those restrictions. As for security attacks, this will depend on the implementation. I am not aware of any security flaws that are specific to the OData specification. Since OData is exposed as a REST API, the implementation must guard against security vulnerabilities like any other REST API. The D2C and HDP implementations follow the OWASP guidelines for protecting against known security vulnerabilities. D2C is also subject to routine security scans and penetration testing both by internal resources and independent external resources.

Can someone please answer these questions on OData in general? (Please also include any restrictions specific to OData feeds from D2C/HDP)

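An added example, not part of the original post and not D2C/HDP code: one way an OData implementation can apply the two points from question 4, restricting queries to the properties the model exposes and keeping `$filter` literals out of the SQL text. The table, the `EXPOSED` map, the function names and the small `$filter` subset handled here are all assumptions made for illustration.

```python
import re
import sqlite3

# Hypothetical model: the only properties this service exposes for filtering.
EXPOSED = {"Name": "name", "City": "city"}
OPS = {"eq": "=", "ne": "<>", "gt": ">", "lt": "<"}
# One comparison: Property op 'string' | integer ('' escapes a quote in OData).
TERM = re.compile(r"\s*(\w+)\s+(eq|ne|gt|lt)\s+(?:'((?:[^']|'')*)'|(-?\d+))\s*")
JOIN = re.compile(r"(and|or)\b")

def filter_to_sql(odata_filter):
    """Translate a small $filter subset to (where_clause, bind_params)."""
    pos, clauses, params = 0, [], []
    while True:
        m = TERM.match(odata_filter, pos)
        if not m:
            raise ValueError("unsupported $filter syntax at offset %d" % pos)
        prop, op, text, number = m.groups()
        if prop not in EXPOSED:  # allow-list: column names never come from input
            raise ValueError("property not exposed by the model: " + prop)
        clauses.append("%s %s ?" % (EXPOSED[prop], OPS[op]))
        params.append(int(number) if number is not None else text.replace("''", "'"))
        pos = m.end()
        if pos == len(odata_filter):
            return " ".join(clauses), params
        j = JOIN.match(odata_filter, pos)
        if not j:
            raise ValueError("unsupported $filter syntax at offset %d" % pos)
        clauses.append(j.group(1).upper())
        pos = j.end()

def demo_db():
    """Constructed sample data; password_hash is deliberately not in EXPOSED."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (name TEXT, city TEXT, password_hash TEXT)")
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?)", [
        ("Alice", "Boston", "h1"), ("O'Brien", "Boston", "h2"), ("Bob", "Austin", "h3")])
    return conn

def query(conn, odata_filter):
    where, params = filter_to_sql(odata_filter)
    sql = "SELECT name FROM customers WHERE " + where + " ORDER BY name"
    return conn.execute(sql, params).fetchall()
```

A literal that contains SQL syntax is bound as data and simply matches no row, while a filter that names an unexposed property or falls outside the supported grammar is rejected before any SQL is built.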