Jiri Spac edited this page Mar 30, 2016 · 2 revisions

By far the most challenging problem when creating a DB ORM framework such as Moonridge is securely opening a DB to any potential user: they must be able to use the app, but must not be able to flood the DB with spam or hack it.

By default, Moonridge solves this problem with a privilege_level for each user. Each operation on a model or property can require a certain privilege level. These requirements are defined together with the schema. If the user's privilege level is not equal to or higher than the required one, the requested operation is rejected.

If you prefer another authorization mechanism, you can write your own authorize functions and even override the check of whether a user can perform an operation.
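
A sketch of the privilege-level check and the custom override described above, added here as an illustration and not Moonridge's own code or API. The `permissions` table layout, the `authorize` function and its parameters are hypothetical names; the check fails closed on unknown operations and malformed levels.

```javascript
'use strict';
// Hypothetical permission table defined alongside a schema (layout is an assumption).
// Each operation, and optionally each property, maps to the minimum privilege_level.
const permissions = {
  operations: { read: 0, create: 1, update: 10, remove: 50 },
  properties: { role: { update: 50 } } // changing "role" needs more than a normal update
};
const own = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Returns { allowed, reason }. customAuthorize (optional) may return true/false to
// override the level check, or undefined to fall through to it.
function authorize(user, operation, changedProps = [], perms = permissions, customAuthorize = null) {
  if (typeof customAuthorize === 'function') {
    const verdict = customAuthorize(user, operation, changedProps);
    if (typeof verdict === 'boolean') return { allowed: verdict, reason: 'custom authorize function' };
  }
  // Reject missing, negative or non-integer levels (e.g. the string "99" from a client).
  const level = user && user.privilege_level;
  if (!Number.isInteger(level) || level < 0) {
    return { allowed: false, reason: 'missing or malformed privilege_level' };
  }
  // Own-property lookup only: names like "toString" must not resolve via the prototype.
  if (!own(perms.operations, operation)) {
    return { allowed: false, reason: `unknown operation: ${operation}` };
  }
  const required = perms.operations[operation];
  if (level < required) return { allowed: false, reason: `${operation} requires level ${required}` };
  // Property-level rules can raise the requirement for individual fields.
  for (const prop of changedProps) {
    const rule = own(perms.properties, prop) ? perms.properties[prop] : {};
    if (own(rule, operation) && level < rule[operation]) {
      return { allowed: false, reason: `${operation} on "${prop}" requires level ${rule[operation]}` };
    }
  }
  return { allowed: true, reason: 'privilege level sufficient' };
}

// Constructed sample users, not taken from the page.
const editor = { privilege_level: 10 };
console.log(authorize(editor, 'update', ['name']));
console.log(authorize(editor, 'update', ['role']));
console.log(authorize({ privilege_level: '99' }, 'read'));
```
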
