by lelanthran 454 days ago
> (I haven't used a system like that. I'm intrigued by the idea of a backend that's just a database but it weirds me out not to have to write a layer that says who can read what. Exposing the database that nakedly feels super dangerous.)

In my (closed) product that exposes the database to the frontend, the "exposure" part has, effectively, row-level access control.[1]

[1] Also role-based using groups. I additionally mark the read-only queries as read-only and these are executed on a read-only replica.
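A minimal sketch of the pattern the comment describes, added here as an illustration and not lelanthran's product code: the frontend may only name an allowlisted query, the server binds the caller's identity into an owner-or-group row filter, and queries marked read-only run on a read-only connection. The schema, query names, users, and the use of SQLite (with a `mode=ro` handle standing in for the replica) are all assumptions.

```python
import os
import sqlite3
import tempfile

# Constructed sample data; schema, names and users are assumptions for this sketch.
path = os.path.join(tempfile.mkdtemp(), "demo.db")
primary = sqlite3.connect(path)
primary.executescript("""
CREATE TABLE membership(member TEXT, grp TEXT);
CREATE TABLE notes(id INTEGER PRIMARY KEY, owner TEXT, grp TEXT, body TEXT);
INSERT INTO membership VALUES ('alice','eng'), ('bob','sales');
INSERT INTO notes(owner, grp, body) VALUES
  ('alice','eng','design doc'), ('bob','sales','q3 leads'), ('carol','eng','runbook');
""")
primary.commit()

# Stand-in for the read-only replica: the same file opened with mode=ro,
# so a write that slips into a "read-only" query fails at the database.
replica = sqlite3.connect(f"file:{path}?mode=ro", uri=True)

# Row filter present in every query: the caller owns the row or belongs to its group.
ROW_FILTER = ("(owner = :caller OR grp IN "
              "(SELECT grp FROM membership WHERE member = :caller))")

# Allowlist: name -> (SQL, read_only). The frontend sends a name and args, never SQL.
QUERIES = {
    "list_notes": (f"SELECT id, body FROM notes WHERE {ROW_FILTER} ORDER BY id", True),
    "rename_note": (f"UPDATE notes SET body = :body WHERE id = :id AND {ROW_FILTER}", False),
}

def run(caller, name, args=None):
    """Run an allowlisted query as `caller`; return rows, or affected-row count for writes."""
    sql, read_only = QUERIES[name]   # unknown query names raise KeyError
    params = dict(args or {})
    params["caller"] = caller        # server-side identity overwrites any client-supplied value
    conn = replica if read_only else primary
    cur = conn.execute(sql, params)
    if read_only:
        return cur.fetchall()
    conn.commit()
    return cur.rowcount
```

A write that matches no permitted row returns 0 rather than raising, so callers should treat a zero count as "not found or not allowed".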