by Nextgrid
1656 days ago
> The first alternative architecture has been discussed a bit recently: a frontend which directly sends SQL queries to the backend, getting data back and rendering with a typical frontend framework. The problem is that you can't trust the frontend - a malicious user can pretend to be the frontend but then send any SQL they want. This also makes it very difficult to do any server-side logic if all the server gets are data modification commands. The only scenario I can see this working is where you're dealing with read-only, public data, where the users are legitimately allowed to access all the data in the DB.
>
> The other alternative is to have the server do all the rendering, keep (most) working user state in a serverside structure, and hold open a websocket to stream effects from the client and updated components from the server. I believe this is what Phoenix LiveView implements.
It was weird and ultimately at least Postgres couldn't support a cryptographic operation within a constraint, but it was fun to play with.
I make no claim any of this is practical right now, but I think there's at least theoretical room to grow for that approach.
I'll look more into Phoenix! Thanks.