Hope you're all fine during this health crisis. Remember to keep safe and if possible stay at home.
Have you ever needed to give "some" access to your database, let's say SELECT access over certain tables, but also record what queries does the user execute?
We had this requirement a while ago. The first two parts are easy to achieve:
- Some access: Create a new use role while only select privileges.
- Access to some tables: Create a view over the required tables
Recording the executed queries is not that simple because there are no triggers over a SELECT query.
The dirty trick
So we need to record what queries are executed. We may need a new table, perhaps on another schema, and a Postgres function to insert a record on the log table. …
Why you shouldn’t use status 200 for nearly everything
This is a conversation I’ve had many times, and it usually ends up in an argue because it’s highly opinionated.
The use case
Let’s say you have an API running on some web server, doesn’t matter which one. There’s a login endpoint and some other resources that can’t be accesible unless you have already logged in into the web application. To request any of these resources you enter some credentials, user and password, and the login is denied.
What status code should the server return?
- 200 The request is successful as the endpoint does exist and makes some internal validation, but the response has to include some information on why the access is denied. …
and how to overcome them
A few months ago, our CTO came back from his vacations and told us he assisted to NG Conf 2019. A great experience that lead him to this conclusion:
"We should develop as Google, using a monorepo"
(curiously this is very similar to NWRL.io's slogan).
At first, as a senior developer, this didn't make too much sense. …
About
