by fiedzia 2119 days ago
>There is this myth that schemas must be enforced at the database level.

You must have a single point to enforce anything. This is very rarely the case with the app, where a) there will be 20 places that access the database and b) often some tasks are done by operating on a database directly.

Some rules cannot be enforced by the database, sure, but "a field must exist and be a string" is infinitely better than nothing.

2 comments

The thing about MongoDB is that it does support $jsonSchema for enforcing a schema in a very flexible way. So rather than having to have a strict schema for every piece of data, you can use $jsonSchema for as little or as much of your data as you see fit, so really you can have the best of both worlds.

For reference: https://docs.mongodb.com/manual/reference/operator/query/jso...
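
The partial-schema approach described in the comment above, as an added example that is not part of the original thread: a `$jsonSchema` validator that constrains a single field and leaves the rest of the document free-form. The collection name `users`, the field `email` and the helper `violations` are assumptions made for illustration; `violations` is a simplified local stand-in for the server-side check so the behaviour can be seen without a running MongoDB.

```javascript
// Added example (not from the thread). Collection and field names are hypothetical.
// Options document for db.createCollection(): only `email` is constrained,
// every other field in the document stays schemaless.
function userCollectionOptions() {
  return {
    validator: {
      $jsonSchema: {
        bsonType: "object",
        required: ["email"],
        properties: {
          email: { bsonType: "string", description: "must exist and be a string" }
        }
      }
    },
    validationLevel: "strict",  // apply to all inserts and updates
    validationAction: "error"   // reject the write instead of only logging a warning
  };
}

// Simplified local stand-in for the server-side check, covering only the
// `required` and `bsonType: "string"` keywords used above.
function violations(doc, options) {
  const schema = options.validator.$jsonSchema;
  const problems = [];
  for (const field of schema.required || []) {
    if (!(field in doc)) problems.push(`${field}: missing required field`);
  }
  for (const [field, rule] of Object.entries(schema.properties || {})) {
    if (field in doc && rule.bsonType === "string" && typeof doc[field] !== "string") {
      problems.push(`${field}: expected string`);
    }
  }
  return problems;
}

// Constructed sample documents.
const samples = [
  { email: "a@example.com", prefs: { theme: "dark" }, tags: [1, 2] }, // extra fields allowed
  { name: "no email" },                                               // rejected
  { email: 42 }                                                       // rejected
];
for (const doc of samples) {
  console.log(JSON.stringify(doc), "->", violations(doc, userCollectionOptions()));
}

// In mongosh, against a real server:
//   db.createCollection("users", userCollectionOptions())
```

Because the validator lives on the collection, it applies to every client that writes to it, including ad hoc shell sessions.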

You do have a single point to enforce everything: code.

In most cases it is only a single web app connecting to a database and in micro-services architectures you can enforce it through a shared database access library.

And any company that allows users to make direct changes to a database without going through some security layer is pretty incompetent. Quite sure you wouldn't be able to get PCI/HIPAA certified with that sort of behaviour either.

>You do have a single point to enforce everything: code

"Code" usually is made of many smaller parts; what will keep those in sync to enforce anything? You are placing a burden on a developer (even more likely - on a group of developers), that just doesn't work in practice.

> And any company that allows users to make direct changes to a database without going through some security layer is pretty incompetent

Sure. But without a schema at the database level, there is no "security layer" to rely on. And you will eventually need to make a change that cannot be done via the UI.