DEV Community

Discussion on: HERN Stack, Comin’ In Hot

Collapse
jacob_b_cohen profile image
Jacob Cohen

Hi @joedotnot ,

If you’re asking why we’d ever put any credentials into a web client, normally, we wouldn’t… That is universally considered a very bad idea. This is a sample in the readme, there are certainly other ways to handle the credentials, like prompting the end user for their credentials and passing them in here.

That said, with HarperDB’s attribute-level role permissions, you can restrict the tables, operations (CRUD), and attributes to which a user has access. So while most of the time you’ll want pass this request through a separate server-side API to limit queries by an attribute like user_id, you can also grant direct access to the database for those queries where it makes sense- as long as you lock down the user’s role appropriately.

Some comments have been hidden by the post's author - find out more