Architecture advice for C# web app that connects to POS system

Question

I want to develop a C# web application that will allow customers to go online to view current inventory levels for a retail shop I have. The shop uses a POS system with a SQL Server backend.

The app would be hosted outside the firewall on a separate server. I'm wondering if it'd be more prudent from a security and/or performance prospective to create a local DB script that replicates the requisite data out to a separate DB (likely on the same server the app is hosted) refreshing every 10-20min or so, than to simply have the web app talk directly to the live POS database.

I can't afford to have the app impact the performance of the POS system in any way. The app connection would be read-only and limited to that sole inventory table, but even with pooling I'm unsure if a few hundred web users pinging the live DB would impart any latency or undesired effects.

Answer 1

If your web application is strictly read-only, then you can have perfect security by having the web application have only datareader permissions on your POS database - no replication or other complicated steps will be necessary.

As for performance - even a basic (Core i3, 5200rpm HDD, 2GB RAM) server can handle a few hundred simple SQL queries per second for a modestly-sized database. Considering how modern database servers cache a lot of data in RAM it means that read queries are amazingly cheap.