
There's something to be said about layers of security providing redundancy to catch errors--that's part of what goes into highly reliable operations used in aerospace and health care. If you get the postgres wrong and that's all you're relying on, then that's all you've got. If you've got the same postgres wrapped in a more rigid validation then arguably there are more bugs that need to align for a mishap. Of course the flip side is that's even more complex and more difficult to implement. The reality is people probably tend to skimp on the postgres layer's security if they're burying it deep under other things. Whether you're focusing on the postgres layer or some higher layer (python or whatever), that's still just one layer of protection.



> If you've got the same postgres wrapped in a more rigid validation then arguably there are more bugs that need to align for a mishap.

> The reality is people probably tend to skimp on the postgres layer's security if they're burying it deep under other things.

so the reality is, they don't have layers. they'll have one security layer.

best to put it in postgres, where other folks who aren't in a hurry to deploy the feature your boss wants, have tested the security model.



