
Discussion on: HERN Stack, Comin’ In Hot

Jacob Cohen

Hi @joedotnot ,

If you’re asking why we’d ever put any credentials into a web client, normally, we wouldn’t… That is universally considered a very bad idea. This is a sample in the readme; there are certainly other ways to handle the credentials, like prompting the end user for their credentials and passing them in here.

That said, with HarperDB’s attribute-level role permissions, you can restrict the tables, operations (CRUD), and attributes to which a user has access. So while most of the time you’ll want to pass this request through a separate server-side API to limit queries by an attribute like user_id, you can also grant direct access to the database for those queries where it makes sense, as long as you lock down the user’s role appropriately.
