DEV Community

Discussion on: GraphQL for PostgreSQL - Why?

Dian Fay

A single REST endpoint that accepts query text sounds, to my very limited understanding of GraphQL, like all of its drawbacks with none of its advantages. Authentication and authorization won't protect you against malformed or mistaken queries, and even a read-only case with the appropriate database permissions can come up with some pretty wild query plans. The comparison is more between a REST API and the Hasura/Prisma/Postgraphile set. It's certainly more convenient to point one of those at your database if you're already using GraphQL; if you aren't, I don't think covering a single database is, on its own, a compelling argument to start. @benjie care to make a case for? :)

Johannes Lichtenberger • Edited

The thing is not REST vs GraphQL... more like why GraphQL if you already have SQL.

It seems to be an abstraction to limit what's possible for users, more or less. That said, when a user has the rights, it's his responsibility to write queries which perform well (and so on) or which do what he intends to do (and the DBMS's responsibility). So basically I guess the question is more like why GraphQL if you have JDBC for instance, or something along these lines.

Benjamin Botwin

A few reasons:

Some engines can generate very efficient SQL from your GraphQL. Since you don't need to worry about performance while writing GraphQL queries, you should get generally faster queries without having to hand-optimize queries.

There are countless security issues when sending raw SQL strings from an endpoint into a database (see the damage a basic SQL injection attack can cause), so that's just not really an option anyway. GraphQL is also much more flexible than REST, so you may prefer GraphQL in this case.

GraphQL provides type safety.

You could possibly eliminate backend code. Why write an API by hand when you could just generate an entire API based on your database schema? That alone is a reason to use something like Hasura or Postgraphile IMHO.

DB -> GraphQL gives you the power of SQL queries, but without having to worry (as much) about performance, compatibility (everything is compatible with HTTP), or HTTP-level security.
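The following is an added example, not part of the thread and not code from Hasura, Prisma or Postgraphile. It contrasts an endpoint that pastes request text into SQL with a small structured-query layer that checks table and column names against an allow-list and binds values as parameters. The schema, function names, row cap and the use of SQLite as an offline stand-in for PostgreSQL are all assumptions made for illustration.

```python
import sqlite3

# Constructed schema and rows; SQLite stands in for PostgreSQL so this runs offline.
SCHEMA = {"users": {"id", "name", "email"}}  # allow-list: table -> exposed columns
MAX_LIMIT = 100                              # hypothetical cap on rows per request

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER, name TEXT, email TEXT, password_hash TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?, ?)",
                   [(1, "ann", "ann@example.test", "h1"), (2, "bob", "bob@example.test", "h2")])
    return db

def raw_lookup(db, name):
    # The pattern the thread warns about: request text becomes part of the SQL text.
    return db.execute(f"SELECT id, name FROM users WHERE name = '{name}'").fetchall()

def compile_query(q):
    """Turn {'table','fields','where','limit'} into (sql, params); reject anything off the allow-list."""
    table = q["table"]
    if table not in SCHEMA:
        raise ValueError(f"unknown table: {table!r}")
    cols = SCHEMA[table]
    fields, where = q["fields"], q.get("where", {})
    bad = [c for c in list(fields) + list(where) if c not in cols]
    if not fields or bad:
        raise ValueError(f"unknown or missing fields: {bad}")
    limit = q.get("limit", MAX_LIMIT)
    if type(limit) is not int or not 1 <= limit <= MAX_LIMIT:
        raise ValueError("limit out of range")
    # Identifiers were validated against SCHEMA above; values are only ever bound.
    sql = f'SELECT {", ".join(fields)} FROM {table}'
    if where:
        sql += " WHERE " + " AND ".join(f"{c} = ?" for c in where)
    return sql + " LIMIT ?", [*where.values(), limit]

def structured_lookup(db, q):
    sql, params = compile_query(q)
    return db.execute(sql, params).fetchall()
```

With the constructed input `nobody' OR '1'='1`, `raw_lookup` returns every row, while `structured_lookup` treats the same string as a literal name and returns nothing; a request for `password_hash` is rejected before any SQL is built.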