In Chapter 4, I described how a Microsoft SQL Server virtual directory can be published to allow users access to a database over HTTP. In this chapter, I’ll explain how you can publish XML templates to encapsulate the data you want to make available. Using XML templates gives you a more controlled security environment than simply allowing users to send queries in a URL to a server for data retrieval.
Templates contain one or more queries that retrieve data from the database. The results are then sent to the calling browser or client application. Because the client receives only the query results and not the source code for the query, the data access logic is encapsulated like the source code of an ASP file. This arrangement allows you to publish data securely over the Internet. For example, Northwind Traders could make the product catalog available over the Internet by creating a template that retrieves the necessary data from the database. Customers could then simply access the template using a browser. Customers would never see the SQL used to access the data; they would see only the resulting product list.