If you’re asking why we’d ever put any credentials into a web client, normally, we wouldn’t… That is universally considered a very bad idea. This is a sample in the readme, there are certainly other ways to handle the credentials, like prompting the end user for their credentials and passing them in here.
That said, with HarperDB’s attribute-level role permissions, you can restrict the tables, operations (CRUD), and attributes to which a user has access. So while most of the time you’ll want pass this request through a separate server-side API to limit queries by an attribute like user_id, you can also grant direct access to the database for those queries where it makes sense- as long as you lock down the user’s role appropriately.
Comment marked as low quality/non-constructive by the community. View Code of Conduct
Comment hidden by post author - thread only visible in this permalink
I was commenting because you are showing a demo / sample on your official website / repo, and before too long somebody will use it as is, because hey it's an official example, so it must be good, right ! It's also telling any serious developer to stay away from your product (but it is your product, I'm nothing). All the best.
Comment hidden by post author
Some comments have been hidden by the post's author - find out more
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Seriously ? let's put the username/password on the UI page for all to see?
github.com/harperdb/harperdb-sdk-r...
import React from 'react';
import ReactDOM from 'react-dom';
import { HarperDBProvider } from 'use-harperdb';
ReactDOM.render(
<React.StrictMode>
<HarperDBProvider url="localhost:9925" user="HDB_ADMIN" password="password">
<App />
</HarperDBProvider>
</React.StrictMode>,
document.getElementById('root')
);
Hi @joedotnot ,
If you’re asking why we’d ever put any credentials into a web client, normally, we wouldn’t… That is universally considered a very bad idea. This is a sample in the readme, there are certainly other ways to handle the credentials, like prompting the end user for their credentials and passing them in here.
That said, with HarperDB’s attribute-level role permissions, you can restrict the tables, operations (CRUD), and attributes to which a user has access. So while most of the time you’ll want pass this request through a separate server-side API to limit queries by an attribute like user_id, you can also grant direct access to the database for those queries where it makes sense- as long as you lock down the user’s role appropriately.
I was commenting because you are showing a demo / sample on your official website / repo, and before too long somebody will use it as is, because hey it's an official example, so it must be good, right ! It's also telling any serious developer to stay away from your product (but it is your product, I'm nothing). All the best.