
Combining databases with the web has many uses. The web is very good for presenting data from databases and for making database-driven applications available to the whole world. Challenger includes modules for database connections. These modules, together with such modules as Business Graphics and Wizard, make it simple to produce reports from databases as well as applications. Challenger also contains a module that uses a table stored in a SQL database for user authentication.

Challenger needs a Pike module to be installed if it is to connect to a certain kind of SQL database. By default, modules for the free databases ODBC, mSQL, MySQL and Postgres are provided. Modules for connecting to Oracle and Informix are available with the full Roxen Platform.

Database URLs
A connection to a database is specified with a URL-like syntax:

The database type dbtype is one of msql, mysql, postgres, or odbc. The user and password are used for authentication of the user in the database server, is the name of the machine running the database server and dbname specifies the name of the particular database.

Symbolic names
You usually do not want to specify a full database URL in an RXML tag. With the SQL Databases module you can give symbolic names to database URLs. This makes it unnecessary to have any database passwords in the actual web pages. It also makes it possible to change databases without changes to the pages.

Security considerations
Your foremost security consideration when it comes to databases is to make sure that only the SQL queries you intend get sent to the database. This means handling user input in such a way that it can never change the actual SQL query. This is done through quoting. The formoutput page in the Web Site Creator manual shows how to do it in RXML.

To reduce your risks, use the access control system of your database to make sure Challenger only has permission to do what it actually needs to do. If you use Challenger to provide reports from the database, Challenger should only be able to read tables, never modify them.
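
The two recommendations above, shown as an added illustration that is not Challenger, RXML or Pike code: Python's built-in sqlite3 stands in for the database, and the reports table, its rows, the input string and all function names are constructed for this example. It compares unquoted input with quoted and bound input, then shows a read-only connection refusing a write.

```python
import os
import sqlite3
import tempfile

ROWS = [("alice", "Q1 sales"), ("bob", "Q1 costs"), ("bob", "Q2 costs")]  # constructed data

def quote_sql_string(value):
    """Standard SQL string literal: wrap in single quotes, double any inside.
    Escaping rules vary by database (MySQL by default also treats backslash
    as an escape), so use the quoting routine of the database actually in use."""
    return "'" + value.replace("'", "''") + "'"

def titles_unquoted(db, owner):
    # Weak: form input is pasted into the SQL text and can change the query.
    sql = "SELECT title FROM reports WHERE owner = '" + owner + "'"
    return [row[0] for row in db.execute(sql)]

def titles_quoted(db, owner):
    # Input is quoted first, so it can only ever be a string value.
    sql = "SELECT title FROM reports WHERE owner = " + quote_sql_string(owner)
    return [row[0] for row in db.execute(sql)]

def titles_bound(db, owner):
    # Bound parameter: the value never becomes part of the SQL text at all.
    return [row[0] for row in db.execute(
        "SELECT title FROM reports WHERE owner = ?", (owner,))]

def demo():
    path = os.path.join(tempfile.mkdtemp(), "reports.db")
    admin = sqlite3.connect(path)  # privileged connection, used only for setup
    admin.execute("CREATE TABLE reports (owner TEXT, title TEXT)")
    admin.executemany("INSERT INTO reports VALUES (?, ?)", ROWS)
    admin.commit()
    admin.close()
    # The reporting side gets a read-only connection, mirroring read-only grants.
    web = sqlite3.connect("file:" + path + "?mode=ro", uri=True)
    crafted = "alice' OR 'x'='x"  # constructed input containing quote characters
    result = {name: fn(web, crafted) for name, fn in [
        ("unquoted", titles_unquoted), ("quoted", titles_quoted), ("bound", titles_bound)]}
    try:
        web.execute("DELETE FROM reports")
        result["write_blocked"] = False
    except sqlite3.OperationalError:
        result["write_blocked"] = True
    web.close()
    return result

if __name__ == "__main__":
    print(demo())
```

The unquoted query returns every row in the table, while the quoted and bound queries return none because no owner has that literal name.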