←back to thread

Turso SQLite Offline Sync Public Beta

(turso.tech)
222 points charlieirish | 1 comments | 31 Mar 25 15:10 UTC | HN request time: 0.208s | source
Show context
billconan ◴[31 Mar 25 15:30 UTC] No.43536188[source]
This sounds great, but I have some questions regarding data integrity and security.

If I build an offline first app using Turso, will my client directly exchange data with the database, without a layer of backend APIs to guarantee data integrity and security? For example, certain db write is only permitted for certain users, but when the db API is exposed, will that cause problems? A concrete example would be a forum where only moderators can remove users and posts. Say if I build an offline first forum, can a hacker hack the database on the filesystem and utilize the syncing feature to propagate the hacked data to the server?

replies(9): >>43536366 #>>43536534 #>>43536576 #>>43536993 #>>43537308 #>>43537313 #>>43537393 #>>43539446 #>>43540237 #
1. franciscop ◴[31 Mar 25 17:11 UTC] No.43537308[source]
The blog post doesn't even touch on write conflicts, which is the main reason I opened it (I was curious on how they solved them), so not surprised there's no many details about security etc.