
Where to place Data Access Objects (DAO)?

 
Greenhorn
I'm not sure if I'm asking the right question, but I'll give it a go.

Where should DAO classes containing the actual SQL statements be placed in a client/server application, client or server?

In my scenario, I have:
- a database User table;
- a Javabean User class;
- a UserDAO class (where the SQL statements to access the User table from DB are).

From what I've read, a couple of the advantages of creating DAOs are that it makes your code more modular and also hides, in a way, your database structure from the outside world, in this case, the client side application (feel free to comment and/or correct me if that's not really it).
Having that in mind I am a little reluctant to place the UserDAO class in the client application because the user may see the SQL statements if he/she eventually sees the source code. And I'm not sure if letting the user see a little from the database structure (e.g. String queryString = "INSERT INTO users(username, password, firstName, LastName, address, userGroup, role, country) VALUES(?,?,?,?,?,?,?,?)"; ) is a good practice security-wise.

If my guess is correct and the user should not see anything regarding the database schema structure, I would assume I should place this UserDAO class somewhere in the server application. But how would the client have access to the UserDAO class methods in order to query the database? Should I send a UserDAO object with ObjectOutputStream to the client so it has a UserDAO instance but not access to the implementation of this class? Is there a more efficient way or practice to approach this issue, or is this the way to go?

Thank you in advance for any ideas.
 
Bartender
Alex

I would split your tiers into presentation (client), business (server) and persistence (server). Your DAOs would sit in the persistence tier. I always take the stance that a client should have no idea how/where the data is persisted and will always go through the business tier to access/modify that data.
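
A sketch of the tier split described in the reply above, added here as an example and not code from either poster: the client only ever holds a UserRequest and receives a status string, while the SQL stays in a server-side DAO behind the business tier. The names UserRequest, UserService, JdbcUserDAO and TierDemo, the reduced column list, the server-assigned "USER" role and the in-memory stand-in used in main are assumptions made for illustration.

```java
import java.sql.*;
import java.util.*;
import javax.sql.DataSource;
// The only user-related type shipped to the client: no SQL, no column names.
record UserRequest(String username, String country) {}

// Persistence tier (server only). Schema knowledge stays behind this interface;
// the JDBC version binds a subset of the question's columns as parameters.
interface UserDAO { void insert(String username, String country, String role) throws SQLException; }
class JdbcUserDAO implements UserDAO {
    private static final String INSERT_SQL =
        "INSERT INTO users(username, country, role) VALUES(?,?,?)";
    private final DataSource ds;
    JdbcUserDAO(DataSource ds) { this.ds = ds; }
    public void insert(String username, String country, String role) throws SQLException {
        try (Connection c = ds.getConnection();
             PreparedStatement ps = c.prepareStatement(INSERT_SQL)) {
            ps.setString(1, username);
            ps.setString(2, country);
            ps.setString(3, role);
            ps.executeUpdate();
        }
    }
}

// Business tier (server only): validates input and decides the role itself.
class UserService {
    private final UserDAO dao;
    UserService(UserDAO dao) { this.dao = dao; }
    String register(UserRequest req) {
        if (req.username() == null || !req.username().matches("[A-Za-z0-9_]{3,32}"))
            return "REJECTED";
        try {
            dao.insert(req.username(), req.country(), "USER"); // role is never client-supplied
            return "OK";
        } catch (SQLException e) {
            return "ERROR"; // generic status: no SQL or schema detail reaches the client
        }
    }
}

public class TierDemo {
    public static void main(String[] args) {
        List<String> rows = new ArrayList<>(); // constructed in-memory stand-in for the database
        UserService svc = new UserService((u, c, r) -> rows.add(u + "," + c + "," + r));
        System.out.println(svc.register(new UserRequest("alex", "BR")));
        System.out.println(svc.register(new UserRequest("not a valid name", "BR")));
        System.out.println(rows);
    }
}
```

In a deployed application UserService would sit behind whatever remote interface the server exposes, and only UserRequest would be packaged with the client.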
 