postgrest is really great. It is a very well thought-out api for how to safely expose a database to outside world. You get to not worry about SQL injection, allowing expensive queries or having to keep db schemas and your api in sync.
The main thing it lacks is encryption at rest, so by default it can’t be used to store passwords, but we solved that with encryption. Eg expose an age public key in a read-only postgrest table…now you can store secrets via postgrest safely. Side benefit of this scheme is that you don’t have to audit code to make sure you don’t log passwords somewhere in middleware.
postgrest is great, I have yet to use it on a project but it makes great use of postgres row level security
for anyone, like me, who’s been waiting for a postgrest-like project for SQLite, it seems that a few have been started now. No where near the robustness and security, but just found ws4sqlite and have been messing around with it for small projects.
postgrest is really great. It is a very well thought-out api for how to safely expose a database to outside world. You get to not worry about SQL injection, allowing expensive queries or having to keep db schemas and your api in sync.
The main thing it lacks is encryption at rest, so by default it can’t be used to store passwords, but we solved that with encryption. Eg expose an age public key in a read-only postgrest table…now you can store secrets via postgrest safely. Side benefit of this scheme is that you don’t have to audit code to make sure you don’t log passwords somewhere in middleware.
postgrest is great, I have yet to use it on a project but it makes great use of postgres row level security
for anyone, like me, who’s been waiting for a postgrest-like project for SQLite, it seems that a few have been started now. No where near the robustness and security, but just found ws4sqlite and have been messing around with it for small projects.