Launch HN: BaseDash (YC S20) – Edit your database with the ease of a spreadsheet
I was working on a side project a few years ago that required a lot of manual data management. I was using Django Admin which was fine, but wished I could just set up a two-way sync between my SQL database and Airtable (without any crazy Zapier workflows).
After building a quick prototype as an internal tool, I realized that there was a space missing for a product somewhere between an admin panel and a database client. Something with an amazing interface that's usable by both engineers and non-technical users who need to access data within their company (e.g. customer support, operations).
From there, I built BaseDash with a strong focus on expanding upon existing tools I love, with extra care and polish. The resulting product is a polished, opinionated internal tool, with all the functionality most companies need out-of-the-box.
Being a web app, there are some great features that BaseDash enables for cross-functional teams. BaseDash keeps a full edit history of all changes made, makes it super easy to share access to teammates, and enables Google Sheets-like real-time collaboration for editing data.
We currently support most SQL databases (PostgreSQL, MySQL, Redshift, SQL Server, MariaDB), with support for MongoDB and Firestore on the roadmap. We offer a hosted version, or you can host it yourself on-prem.
We're still in early access but happy to invite the Hacker News community to try the product out. We're currently focused on small-to-medium sized software companies, with a combination of engineers and non-technical users. Try it here: https://www.basedash.io and let me know what you think!
100 comments
[ 2.8 ms ] story [ 163 ms ] threadIs it basically a less intimidating version of that?
I tend to think of tools like DBeaver as being built for individual, technical users, while BaseDash is built for cross-functional teams.
Yes! If you add to this [0] a managed database offering of your own (ala airtable) and make it tres simple to (ab)use, then that'd be something. All the best.
[0] database is the app?
- Companies where editing the dB can have a large impact (eg banks) - Companies affected by privacy regulations (eg GDPR) - Companies where outages are expensive (eg Operations systems) - Companies where the database is valuable and export risk is high (eg customer data).
> Skip the waitlist, this week only
> We're opening access to BaseDash for the next week during our Hacker News launch.
Usually when someone is like “act now” I’m like “yeah right”. But in this case, whether it really matters or not that I sign up exactly this week, the fact that you put some effort into connecting the text to the HN post made it feel more genuine and was sufficient to instead make me go “alright I’ll do it”.
I don’t immediately have time to use it but I can tell that this product is useful so I’m making a mental note to log back in in the future and check it out more. For now I was happy to see that in addition to the UX niceties that were mentioned on the landing page, you guys make it possible to configure a connection with SSH between your servers and the db servers of the user. That is very encouraging to see :)
I think on top of that it would be neat if you also offered users to configure connections that go through Wireguard, as I run Wireguard on my personal server and I know other people do too. I guess one guy asking for Wireguard is probably not going to convince you to add it. But who knows, maybe others will request it too ;)
I'll keep Wireguard in mind :)
Do the math with me to feel the pain:
-I use the product $50/month great
-My team use the product $300/month (6x50€) bearable if product really fit our need
-My team want to share access in read-only mode with the whole department 2500$/month (50x50) acceptable only if it's a core unavoidable product
Almost everytime there is no real technical difference between hosting service for use case 2 and 3. So I get that the business model intend to milk as much money from large organisations that shit gold and can't do basic math. But in the process you are cutting yourself from all small/medium company that just seek to pay a fair price.
To keep it simple I believe the basis should be that read only are always free or linked to paying (like get 50 read-only license for each paying editor licence). This better reflect real world situation.
The reason we typically don't directly edit production data like this is because of application level concerns or validation.
I think it's important that any tool like this allows a way to replicate that safety in some way, otherwise it's as risky as using a GUI client directly. Access control (which this does) addresses security and starts addressing safety, but there's a lot more necessary to get to the safety that is often enforced at the application level.
There's an argument that the validation should be in the database, and that's nice when it's possible, but it's often not. For any application using Rails/Django, anything else along those lines, anyone interacting with the database mostly via an ORM, will typically not be putting this sort of validation in the database in _all_ cases – thinking about enums, fixed slugs, relative dates, timezone support, etc.
"Your app's data is never stored on our servers with the exception of edit history which lets you audit all changes to your data" from: https://www.basedash.io/pricing
Not the most convincing sell but not that they did not address this concern at all.
Yes an audit log may help you notice these and fix them, but that's probably not going to be enough for anyone running a product in production off this database.
What happens if you have a field that's supposed to be 0-9, but it's an int field and someone types in 22 on accident? Sure it might be valid for the database, but it's not valid for the application.
There's certainly different ways to take the problem, but it needs to be considered.
This is why database constraints exist.
Any sufficiently long lived database ends up with more than one code base connected to it. Enforcing rules in the database ensures a baseline level of data sanity.
But ....
In the wild, database constraints are rare. I even often see databases without any foreign key constraint.
We have a new client like that. application developed in the past 3 years on postgres, uses all the buzzwords (microservices, Kubernetes, terraform, ...). The only constraints in database is on primary keys. The site moves up to 500k EUR per day.
This is far from rare.
What comparative ORMs do you use for non-django, or non-python languages?
Unfortunately, I think a lot of new developers resort to MongoDB because they think it's better for early stage evolving schemas. It's certainly more open to changing your schema on the fly, but perhaps not for the better.
...obviously, technical stuff like consistency seems problematic too.
I think ultimately BaseDash would hook into your existing validations (e.g. through models.py) to handle this.
This means that BaseDash would have to be able to securely execute arbitrary Python code... which means that now you also need to package and deploy the code to BaseDash because you might need libraries, resource files, etc, and now BaseDash is essentially a full-blown deployment target with all the complexity that comes with another deployment process.
I suspect BaseDash wants to avoid this!
One option might be to flip this on its head, and make BaseDash validation libraries that plug into things like Django/Rails, and a) allow serialisation of rules and uploading to BaseDash at deploy time, and b) _disallow_ or warn when that serialisation isn't possible, such as with custom validation.
This option would mean BaseDash doesn't need access to the codebase and deployments are much simpler, but comes at the cost of BaseDash likely needing to provide libraries for most popular ORMs/environments, and at the cost of developer overhead in integrating and customising/maintaining those integrations.
We have very complex business logic directly tied to our Rails / ActiveRecord validations (and, btw, they are a blessing).
Also, it's not only validations. We rely heavily on ActiveRecord callbacks, which are awsome. We have hundreds of before_save, after_save, after_create_commit, and so on, all over our models, and they are also indispensable to our business rules.
For a simple example, if I need to sync my User model with Mailchimp after an e-mail update, this tool would not fire the after_commit callbacks.
Having said that, I would definitely pay for a "service" that would act as gem in my application, mount itself on a specific endpoint (think /turbo-admin), and give me the exact same feature set I saw on this landing page, but with the ease of mind that all our updates would go through Rails, running validations and callbacks.
Of course all these integrations have to be taken care of and I am not there yet, but it is in the choices I have made already.
- My product is on-premise by choice so teams have more confidence about giving 100% access to everything internal
- It will connect directly with your existing logic through APIs (REST) or RPC (I will be going gRPC way)
This means developers will be able to re-use and attach existing logic to the Business dashboard/Admin application which is running separately.
What do you think of that approach?
This is awesome. I was considering building it myself, but it's always a pleasure to see someone else deliver a working product on an idea you've been bouncing around. Good luck, this is a relatively 'simple' product with a huge market.
And dashbase looks like a well done product for a new project - what does you stack looks like frontend and backend ?
And have to agree with others that dashbase is pricey though!
It will be nearly impossible to convince management to pay $600 per year.
Can you tell about usecases of your early users who are paying for this ?
If not, you need some sort of admin interface (could be a couple forms) to address this properly so invalid data can't be plopped in OR any changes should be documented and sent to someone technical even if it's a typo fix. It seems fun and easy but production data isn't something you should wrap in an excel interface and give to any and everyone. $600 a year so your boss can update names and dates is kinda hard to justify as well.
Why do you "hate" it? (such a strong word!) My only complaint is that I need to invalidate the connection every time I don't query anything for a few minutes, otherwise the next query hangs for like 50 seconds. But apart from that, I think it's great, especially for a free product. And the project is very active, it gets a new release about every 15 days.
I have NOT come across connection invalidation problem though.
Sounds like you messed up the connection settings, I have never had this problem using DBeaver for years across companies.
As others mentioned, our current pricing is in line with higher tiers of other internal tools, mostly geared towards startups with revenue or funding. We're hoping to add cheaper (and free!) plans moving forward once we validate that we can make money from SMBs.
Early customers are using the product for customer support, order management, basic analytics dashboards, data entry. Good mix of technical and non-technical users within teams.
I wrote something similar to BaseDash ages ago, I called it dAgent (for database agent). I had it running for many different clients from all sorts of trades (I do custom development). The GUI built itself from reading the DB schema.
My initial motivation was to cut dev time since dAgent would automate the coding of CRUD interfaces. However, the use of dAgent in production ended up being quite limited: maybe only used to edit catalog data (i.e. add a city to the cities table). The reason for this limited usage is no mystery: one can easily break things. In particular non-IT users can break things.
Allow me to use an example. You have a CRM with a customers table. On that table there is a field called status. For that field, dAgent would load a select input using the related table statuses, there was no risk to break integrity. However, in the business logic of this CRM, changing the status of a customer is the result of running a process. That process not only sets the status of a customer to a new value, but also writes a history log, sends email notifications and perhaps triggers an invoicing process.
Now, imagine a non-IT user changing the status field of a customer using a tool such as BaseDash. Now you have a customer in status active who is able to login to your paid SAAS but has never being invoiced.
Many such nightmares can happen when users can directly edit a DB.
For this reason, in production, dAgent features where limited to CRUDing simple catalog tables. It did help, but was not the silver bullet I had hoped for. On the other hand, IT users would never adopt dAgent since the DB engine provided a much more robust and feature-rich admin GUI. I was not in the business of competing with PHPMyAdmin, so I eventually dropped the project.
As danpalmer said, I suspect it might be tricky to ensure data integrity if non-technical people are bypassing app-level validations.
That said, while I may not use this for my mission-critical data, I do think there's a lot of potential in using this as a headless CMS. I'm currently using Airtable, and its API limits make it unusable for anything apart from light workloads. Also, doesn't have webhooks.
But, if I can use BaseDash instead as my CMS and have my marketing team handle the data through a familiar interface, while design + dev source the data into Figma & a static site through an API respectively, I see myself paying for this.
In addition to that, the TOS clearly wash their hands if something goes wrong. I use airtable extensively in my personal projects and at work which seems to work fine.
One more thing i observed about the company structure is that they're based in Delaware in a virtual office. Now, i know that as startups go, this isn't unheard of but trying to get this past legal would be nightmare.
Congratulations on the launch though.
We offer on-prem, and expect a good portion of SMBs to use it over our cloud version.
Good catch on the virtual office! We're actually based in Canada, that's our US company's legal address.
The reason i am asking this is that even a small startup can have multiple databases in production. A single license of DataGrip might sound more beneficial in that case.
He said, "For small, and really small companies they already have the talent to deal with the database directly because that's how they handle most of their problems because they don't have a "console" interface. So this would be just another product for them, and the technical staff wouldn't find it terribly useful because they already know how to interact with the database.
For medium to large companies it doesn't fit because those companies spend all of their time trying to limit direct access to the database, so buying a tool that makes it easier is counter productive.
However, it's a cool idea and looks like it was well implemented."
Oh, I forgot to add that he said "Allowing a 3rd party web site to connect directly to a production database for the purpose allowing direct database manipulation will only happen with companies that don't have a security department, or their "security person" is just in name only. There are so many things that can go wrong that is just not worth doing. Even if this could run on site, is runs against basically all Information Security and IT operations best practices."
I feel like small and really small comparies are the primary market for this tool. A sort of stepping stone until they can build out a large enough engineering team to support more specialized internal tooling. A lot of small companies store most / all of their business data in spread sheets anyway, BaseDash just gives them a more robust backend (SQL) that allows them to transition more seamlessly into custom back office software.
> So this would be just another product for them, and the technical staff wouldn't find it terribly useful because they already know how to interact with the database.
The technical staff would find it tremendously useful because they can focus on building a solid data model on top of a SQL database without having to spend time building out clunky admin interfaces. And from the other direction they don't need to build out migrations from legacy spreadsheet data into a SQL database.
> For medium to large companies it doesn't fit because those companies spend all of their time trying to limit direct access to the database, so buying a tool that makes it easier is counter productive.
Maybe, but if BaseDash offers robust enough validations and permissioning, this shouldn't be as much of a concern. The flip side is that without BaseDash, if some data needs to be tweaked that isn't possible to do using the clunky ad hoc admin interfaces that were built, someone on the engineering team would need to make those changes in the database manually, or ops would need to wait for engineering to build out a feature to allow them to make those changes.
I've worked at companies with pgAdmin or something similar that allowed people to edit prod. It was a catastrophe.
As others have said, non-tech people shouldn't have access to prod data, where they may not understand the schema well enough to edit it. Tech people already have GUIs.
Using something like Airtable and syncing it with prod using a thin layer of code is much more viable.
I open sourced my work to make something out of it. Not as polished as BaseDash or popsql. It’s MIT licensed.
https://github.com/nojvek/boomadmin
Congrats BaseDash on making it to YC and getting this far. I wish you best of luck. Even though I’m a bit jealous.
Definitely try again, YC is worth it.