by ywei3410
2058 days ago
I’m skeptical of no-code solutions because every once in a while, a user does
something really problematic without knowing that they do — this isn’t a criticism
of the user; how can they be expected to understand, let’s say, security, if they
don’t have a rudimentary understanding of cryptography or client/server models?

A more physical analogy is that I do DIY — including internal wiring of the house. I’m
comfortable doing that because I’ve read through the whole of the regulations and have
a degree-level education in Physics and understand the risks. If a stranger asked
me whether they could wire their house through YouTube videos I still wouldn’t
happily say yes — even though theoretically there’s enough good information out
there to wire a house.
|
That is, an approach of the user not understanding these things and so deliberately going for a black box, just-works-in-exactly-this-way solution that's centrally tested, audited and maintained across the no-code platform is actually pretty great for security.
Having an understanding of how these things work, even a really good one, does not preclude mistakes if you want to do things customly - on the contrary this only ever increases the surface area for mistakes.
You might argue, and it often is argued in engineering (use the auth provided by your framework, well-trusted ecosystem libraries, etc), that it's better to just rely on known good solutions even when you do have a great understanding of the principles for this reason.