by threeseed 2118 days ago
There is this myth that schemas must be enforced at the database level.

But the majority of databases are only accessed by one web app. And in that web app you can enforce that schema in code. In fact, in code you have much safer and more powerful options, e.g. enforcing business rules such as "this string field must start with aaa".

2 comments

>There is this myth that schemas must be enforced at the database level.

You must have a single point to enforce anything. This is very rarely the case with the app, where a) there will be 20 places that access the database and b) often some tasks are done by operating on a database directly.

Some rules cannot be enforced by the database, sure, but "a field must exist and be a string" is infinitely better than nothing.

The thing about MongoDB is that it does support $jsonSchema for enforcing a schema in a very flexible way. So rather than having to have a strict schema for every piece of data, you can use $jsonSchema for as little or as much of your data as you see fit so really you can have the best of both worlds.

For reference: https://docs.mongodb.com/manual/reference/operator/query/jso...
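Added example, not part of any comment in this thread: a `$jsonSchema` validator that constrains one field and leaves the rest of the document schemaless, using the thread's own "must exist, be a string, start with aaa" rule. The collection name `orders`, the field name `code`, and the `violations` helper (a local stand-in for the server-side check so the block runs without a MongoDB instance) are assumptions.

```javascript
// Validator document for a hypothetical "orders" collection. Only `code` is
// constrained; every other field stays schemaless.
const validator = {
  $jsonSchema: {
    bsonType: "object",
    required: ["code"],
    properties: {
      code: { bsonType: "string", pattern: "^aaa" },
    },
  },
};

// Command document for db.runCommand(). validationAction "error" rejects the
// write; "warn" would only log it and let the document through.
function createCommand(collection) {
  return { create: collection, validator, validationLevel: "strict", validationAction: "error" };
}

const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Offline stand-in for the server-side check. It covers only the keywords used
// above (required, bsonType "string", pattern) and is not MongoDB's implementation.
function violations(doc, schema = validator.$jsonSchema) {
  const problems = [];
  for (const field of schema.required || []) {
    if (!has(doc, field)) problems.push(`${field}: missing`);
  }
  for (const [field, rule] of Object.entries(schema.properties || {})) {
    if (!has(doc, field)) continue; // absence is reported by `required`
    const value = doc[field];
    if (rule.bsonType === "string" && typeof value !== "string") {
      problems.push(`${field}: not a string`);
    } else if (rule.pattern && !new RegExp(rule.pattern).test(value)) {
      problems.push(`${field}: does not match ${rule.pattern}`);
    }
  }
  return problems;
}

// Constructed sample documents, as different writers might produce them.
const samples = [
  { code: "aaa-001", note: "extra fields are allowed" },
  { code: "bbb-001" },
  { code: 42 },
  { note: "no code at all" },
];
for (const doc of samples) console.log(JSON.stringify(doc), "->", violations(doc));
```

Because the validator is attached to the collection, the same rule applies to every writer, including scripts and shells that bypass the application.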

You do have a single point to enforce everything: code.

In most cases it is only a single web app connecting to a database and in micro-services architectures you can enforce it through a shared database access library.

And any company that allows users to make direct changes to a database without going through some security layer is pretty incompetent. Quite sure you wouldn't be able to get PCI/HIPAA certified with that sort of behaviour either.

>You do have a single point to enforce everything: code

"code" usually is made of many smaller parts, what will keep those in sync to enforce anything? You are placing a burden on a developer (even more likely - on a group of developers), that just doesn't work in practice.

> And any company that allows users to make direct changes to a database without going through some security layer is pretty incompetent

Sure. But without a schema at the database level, there is no "security layer" to rely on. And you will eventually need to make a change that cannot be done via UI.

In reality people don't do this. When people use schemaless databases, usually they don't even know what their schema is and it gets enforced in an accidental, half-assed way.