undefined | Better HN

0 pointscpursley6y ago0 comments

This is awesome. I haven't had time to expand react-admin-low-code, so glad to see someone take the general idea and run with it. I'll update the Readme to mention your repo when I have a chance.

What we're doing in our production version of this is using Postgres and Hasura for auth following this approach in order to reduce external dependencies: https://github.com/sander-io/hasura-jwt-auth

It's really amazing how far you can get with just Postgres. Writing business logic with code in application middleware always felt hacky to me when we have these powerful and performant relation databases.

0 comments

dvasdekis6y ago

Totally agree! Although I'm one of the contributors to that repo as well, the sheer number of possible attack vectors on the JWT scheme means that I was reluctant to use it in a publicly-facing use case. Let me know how it goes!

cpursleyOP6y ago

What are your biggest concerns about the Pg/Hasura JWT approach (which particular attack vectors made you nervous)?

j / k navigate · click thread line to collapse

0 comments

dvasdekis6y ago

cpursleyOP6y ago

What are your biggest concerns about the Pg/Hasura JWT approach (which particular attack vectors made you nervous)?

j / k navigate · click thread line to collapse