DEV Community

Discussion on: HERN Stack, Comin’ In Hot

Collapse
joedotnot profile image
joedotnot

Seriously ? let's put the username/password on the UI page for all to see?
github.com/harperdb/harperdb-sdk-r...

import React from 'react';
import ReactDOM from 'react-dom';
import { HarperDBProvider } from 'use-harperdb';

ReactDOM.render(
<React.StrictMode>
<HarperDBProvider url="localhost:9925" user="HDB_ADMIN" password="password">
<App />
</HarperDBProvider>
</React.StrictMode>,
document.getElementById('root')
);

Collapse
jacob_b_cohen profile image
Jacob Cohen

Hi @joedotnot ,

If you’re asking why we’d ever put any credentials into a web client, normally, we wouldn’t… That is universally considered a very bad idea. This is a sample in the readme, there are certainly other ways to handle the credentials, like prompting the end user for their credentials and passing them in here.

That said, with HarperDB’s attribute-level role permissions, you can restrict the tables, operations (CRUD), and attributes to which a user has access. So while most of the time you’ll want pass this request through a separate server-side API to limit queries by an attribute like user_id, you can also grant direct access to the database for those queries where it makes sense- as long as you lock down the user’s role appropriately.

Collapse
joedotnot profile image
Comment marked as low quality/non-constructive by the community. View Code of Conduct
Info Comment hidden by post author - thread only visible in this permalink
joedotnot

I was commenting because you are showing a demo / sample on your official website / repo, and before too long somebody will use it as is, because hey it's an official example, so it must be good, right ! It's also telling any serious developer to stay away from your product (but it is your product, I'm nothing). All the best.

Some comments have been hidden by the post's author - find out more