Turso SQLite Offline Sync Public Beta

(turso.tech)

221 points charlieirish | 3 comments | 31 Mar 25 15:10 UTC | HN request time: 0.001s | source

Show context

billconan ◴[31 Mar 25 15:30 UTC] No.43536188[source]▶

This sounds great, but I have some questions regarding data integrity and security.

If I build an offline first app using Turso, will my client directly exchange data with the database, without a layer of backend APIs to guarantee data integrity and security? For example, certain db write is only permitted for certain users, but when the db API is exposed, will that cause problems? A concrete example would be a forum where only moderators can remove users and posts. Say if I build an offline first forum, can a hacker hack the database on the filesystem and utilize the syncing feature to propagate the hacked data to the server?

replies(9): >>43536366 #>>43536534 #>>43536576 #>>43536993 #>>43537308 #>>43537313 #>>43537393 #>>43539446 #>>43540237 #

thisislife2 ◴[31 Mar 25 16:05 UTC] No.43536576[source]▶

>>43536188 #

I'd have thought that in this day and age every developer would know by now the importance of sanitizing user input before a web application accepts it? Your doubt has given me some pause ...

replies(2): >>43536776 #>>43538162 #

1. wahnfrieden ◴[31 Mar 25 16:22 UTC] No.43536776[source]▶

>>43536576 #

No need to give a rude, condescending and unhelpful answer - there will always be people learning

replies(1): >>43553116 #

2. thisislife2 ◴[02 Apr 25 02:16 UTC] No.43553116[source]▶

>>43536776 (TP) #

It wasn't an answer - it was a comment adding to his question expressing my surprise that developers still are making this kind of mistake.

replies(1): >>43553743 #

3. wahnfrieden ◴[02 Apr 25 04:44 UTC] No.43553743[source]▶

>>43553116 #

I know

↑