migs
Explore posts from serversTTCTheo's Typesafe Cult
•Created by migs on 1/31/2024 in #questions
TRPC Security/ Authorization Concerns
Hey guys, I'm a bit worried the default protected procedure isn't enough to secure data in my app. As I understand it, if someone just logs in my app, he'll have a valid session, and could potentially reverse engineer the trpc queries and access other users data, is there something I'm missing here ?
I'm also incredibly confused by TRPC context, should I be querying my db in the context to check if user has authorization for the data he's requesting ? Every example I find is only passing session and db connection, haven't seen any type of authorization method here.
13 replies
TTCTheo's Typesafe Cult
•Created by migs on 1/22/2024 in #questions
How do I change my schema without data loss in MySQL ?
Hey everyone, I'm pretty new to SQL so I'm having some disturbing questions in my mind.
How should I proceed when I need to add a new and notNull column to a schema without losing data?
Do I need to set a default ? But then I can't remove the default because it causes data-loss, so I might aswell not use a notNull field, but what if I have to ?
I've been reading about migrations, but I don't really see a big difference between a migration and a db:push (I'm using drizzle + planetscale)
What is the correct way to approach this problem?
Thank you!
3 replies