Another method, which has worked for me, is to never store passwords in the database at all but in a separate authenticator like Google Auth or AWS Cognito. Then the authenticated username is passed in via signed JWT.…
49.7 days? I wish I could get more than 7 out of my MacOS Catalina laptops before I get a gray screen.
doubleplus-good
> Postgraphile requires setting up row level security policies, meaning you have no control over what layer of code you want authz policies to live; they must be in the database. I might go ahead and argue that RLS in…
I love SQL. I'll write CTEs and window functions until the cows come home with a smile on my face. But not everyone needs to know SQL. There are many other worthy pursuits. REST suffers from the N+1 problem and…
SPARQL is a flat result set, just like SQL. Also so much like SQL, it's not actually an advantage over SQL, just removed from a relational database. GraphQL is hierarchical. The queries look substantially like the…
"I've got 12 browser windows with 50 tabs each. And one of the tabs is playing a YouTube video while another is playing a movie on Netflix. And I've got a Facebook tab or two. Bunch of social media. Then there are the…
Let's be clear: many folks today are directly exposing their databases through REST. The API protocol really doesn't matter. CRUD has no affinity for any one technology or methodology. GraphQL is no more vulnerable to…
Row-level security is not at all dependent upon DB users/roles. Storing app user data in a table for lookup is sufficient. Storing the user info in a session config value as provided by JWT can be even better. Basic…
For the most part, you can insert/update/delete. See: INSTEAD OF triggers. That is unless you're using MySQL/MariaDB, in which case views are the least of your worries.
If you're trying to map app users to DB users for more than 1,000 users, you're doing it wrong. Roles at that scale tend to be more vague: admin, hr, analysis, etc. Users (and tags) go in a table. Then row-level…
Not clear how to add or notify anyone to add. Missing Prisma (https://www.prisma.io/) and Postgraphile (https://www.graphile.org/postgraphile/) in the Databases section.
In code, as long as that code is JavaScript. Looking at endpoints.getPost, assuming you pass in an id, what does that result look like? "It can look like whatever query you're making" is not a good answer. Even if…
Okay, let's spell it out. Your tool requires that you specify endpoints. Then call the ORM or make manual SQL queries. In the example, you have a Todo object. Do you see the code right here? ``` endpoints.createTodoItem…
> Honestly, your whole post is weird to me, I'm not sure what your motive is. You seem to try to put down an open source project that is being developed by someone in his free time and without any remuneration. That's…
I appreciate your zeal in marketing this product, but you're comparing apples and oranges. You are speaking of the ease of how you can write SQL queries. With Hasura, Postgraphile, Prisma, and their generated REST…
While the unindexed time is impressive for the lack of index, the GIST and SP-GIST times are not 0.939 sec and 0.358 sec. All times are in milliseconds. GIST returns in slightly less than 1ms, not 1s. SP-GIST returns in…
Another method, which has worked for me, is to never store passwords in the database at all but in a separate authenticator like Google Auth or AWS Cognito. Then the authenticated username is passed in via signed JWT.…
49.7 days? I wish I could get more than 7 out of my MacOS Catalina laptops before I get a gray screen.
doubleplus-good
> Postgraphile requires setting up row level security policies, meaning you have no control over what layer of code you want authz policies to live; they must be in the database. I might go ahead and argue that RLS in…
I love SQL. I'll write CTEs and window functions until the cows come home with a smile on my face. But not everyone needs to know SQL. There are many other worthy pursuits. REST suffers from the N+1 problem and…
SPARQL is a flat result set, just like SQL. Also so much like SQL, it's not actually an advantage over SQL, just removed from a relational database. GraphQL is hierarchical. The queries look substantially like the…
"I've got 12 browser windows with 50 tabs each. And one of the tabs is playing a YouTube video while another is playing a movie on Netflix. And I've got a Facebook tab or two. Bunch of social media. Then there are the…
Let's be clear: many folks today are directly exposing their databases through REST. The API protocol really doesn't matter. CRUD has no affinity for any one technology or methodology. GraphQL is no more vulnerable to…
Row-level security is not at all dependent upon DB users/roles. Storing app user data in a table for lookup is sufficient. Storing the user info in a session config value as provided by JWT can be even better. Basic…
For the most part, you can insert/update/delete. See: INSTEAD OF triggers. That is unless you're using MySQL/MariaDB, in which case views are the least of your worries.
If you're trying to map app users to DB users for more than 1,000 users, you're doing it wrong. Roles at that scale tend to be more vague: admin, hr, analysis, etc. Users (and tags) go in a table. Then row-level…
Not clear how to add or notify anyone to add. Missing Prisma (https://www.prisma.io/) and Postgraphile (https://www.graphile.org/postgraphile/) in the Databases section.
In code, as long as that code is JavaScript. Looking at endpoints.getPost, assuming you pass in an id, what does that result look like? "It can look like whatever query you're making" is not a good answer. Even if…
Okay, let's spell it out. Your tool requires that you specify endpoints. Then call the ORM or make manual SQL queries. In the example, you have a Todo object. Do you see the code right here? ``` endpoints.createTodoItem…
> Honestly, your whole post is weird to me, I'm not sure what your motive is. You seem to try to put down an open source project that is being developed by someone in his free time and without any remuneration. That's…
I appreciate your zeal in marketing this product, but you're comparing apples and oranges. You are speaking of the ease of how you can write SQL queries. With Hasura, Postgraphile, Prisma, and their generated REST…
While the unindexed time is impressive for the lack of index, the GIST and SP-GIST times are not 0.939 sec and 0.358 sec. All times are in milliseconds. GIST returns in slightly less than 1ms, not 1s. SP-GIST returns in…