undefined | Better HN

0 pointsthreeseed5y ago0 comments

You do have a single point to enforce everything: code.

In most cases it is only a single web app connecting to a database and in micro-services architectures you can enforce it through a shared database access library.

And any company that allows users to make direct changes to a database without going through some security layer is pretty incompetent. Quite sure you wouldn't be able to get PCI/HIPAA certified with that sort of behaviour either.

0 comments

1 comments · 1 top-level

fiedzia5y ago

>You do have a single point to enforce everything: code

"code" usually is made of many smaller parts, what will keep those in sync to enforce anything? You are placing a burden on a developer (even more likely - on a group of developers), that just doesn't work in practice.

> And any company that allows users to make direct changes to a database without going through some security layer is pretty incompetent

Sure. But without schema at database level, there is no "security layer" to rely on. And you will eventually need to make a change that cannot be done via UI.

j / k navigate · click thread line to collapse