Discussion on: How to use HarperDB instance with React Hooks

Robert Myers • Edited

This seems like an incredibly bad idea. Yeah, you removed DDL changes from the user, but most real apps are going to need row level permissions. You can't enforce that in the client, it has to be done at the server.

I think the only case I'd think about putting something like this in production is a read-only app with no sensitive information. Maybe something that could write (insert only, no update, no delete) if the writes were going to be vetted by something else later and not directly exposed to users.

Your example is such an app, but the permissions are still too wide. I'd give it 15 minutes before there was a Starbucks at 1600 Pennsylvania Ave or in R'Lyeh.

ETA: Or probably less time until there was one at "BUY <ED DRUG> AT <some url>"

Jacob Cohen

This looks to be a quick example application for those getting started with coding. You are correct that some of the design patterns would not hold up in a production system, but that doesn't seem to be the point of this post.

Aman Mittal

I'd like to add that not every web app needs a design pattern where all CRUD operations are required or necessary. I really love the auto refresh feature.

Robert Myers

Right. And those operations should be shut off at the server, not at the app. You've got db credentials; just because it's not in the app doesn't mean someone won't take advantage of it.

Never trust the client.
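The server-side enforcement the thread argues for, as an added example that is not part of the original post, the comments, or HarperDB: a single authorization choke point that applies row-level rules (anyone reads, authenticated users insert, only the owner updates, only an admin deletes) before any write touches the store. The in-memory `Map`, the `owner`/`role` fields and the `handleRequest` shape are constructed stand-ins for a real table and HTTP handler.

```javascript
// Added example, not code from the original post or from HarperDB.
// The Map is an in-memory stand-in for a database table; the point is
// that credentials and policy live here, on the server, not in React.
const store = new Map([
  // constructed sample rows: id -> record carrying an owner field
  [1, { id: 1, name: "Starbucks Downtown", owner: "alice" }],
  [2, { id: 2, name: "Starbucks Airport", owner: "bob" }],
]);

// Row-level policy: anyone may read; authenticated users may insert;
// only the row owner may update; only an admin may delete.
function authorize(user, op, row) {
  if (op === "read") return true;
  if (!user || !user.id) return false;                          // anonymous: no writes
  if (op === "insert") return true;
  if (op === "update") return row !== undefined && row.owner === user.id;
  if (op === "delete") return row !== undefined && user.role === "admin";
  return false;                                                  // unknown op: deny
}

// Handler the client calls with a server-validated session `user`,
// instead of talking to the database with embedded credentials.
function handleRequest(user, op, payload) {
  const row = payload && payload.id !== undefined ? store.get(payload.id) : undefined;
  if (!authorize(user, op, row)) return { ok: false, status: 403 };
  switch (op) {
    case "read":
      return { ok: true, status: 200, data: [...store.values()] };
    case "insert": {
      const id = Math.max(0, ...store.keys()) + 1;
      // owner comes from the session, never from the request body
      store.set(id, { id, name: String(payload.name), owner: user.id });
      return { ok: true, status: 201, data: store.get(id) };
    }
    case "update":
      store.set(row.id, { ...row, name: String(payload.name) });
      return { ok: true, status: 200, data: store.get(row.id) };
    case "delete":
      store.delete(row.id);
      return { ok: true, status: 204 };
    default:
      return { ok: false, status: 400 };
  }
}
```

Note that an `owner` field supplied in the insert body is ignored, so a client cannot claim another user's rows, and an anonymous caller gets 403 on every write even though reads stay open.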