Since version 1.20 ConfiForms enabled new ways of integrations with existing databases. You are now able to create ConfiForms fields which use the database tables as their sources.
Since version 1.22 we have enabled support of database-aware funcations to lookup values in DB via ConfiForms Field Definition Rules macro and to create/update records in the database with ConfiForms IFTTT macro.
These are very powerful features and enable us to support largest than ever set of use-cases. But the power comes with responsibilities.
Please have a look at some details we want you to consider.
- When you create a configuration make sure the user account, you use for connecting to database has as less permissions as possible
- ConfiForms database fields may cause additional load to your database, make sure the SQL queries are optimized and efficient
- Take care of proper escaping of parameters in your queries and SQL injection vulnerabilities. See helper functions in Virtual functions
- Remove unused condigurations, as they may still have active database connection pools
- Restrict usage of your configured connections. ConfiForms has a way to restrict defined database connections and allow usage only to qualified users. This means that the form using such fields can be created by such users only, but used by anyone else (who has page read permissions for the page where form is defined)
- The list is not complete!!! And should not be considered as such
Tutorials on database fields: