| ▲ | mattmanser 19 hours ago | |
So you've made a read only wrapper around a database? That one person needs to access? There's no tentantization? You can't access more than one person's data? So there's zero chance one user can access someone else's data? If you answered NO to any question, refer to my previous post. If you answered YES, you could have just hooked your DB up to power BI or tableaux or whatever. Not exactly something to start boasting about that you're doing web dev. | ||
| ▲ | raw_anon_1111 18 hours ago | parent [-] | |
I see you didn’t say anything about the possible security issues if I was using AWS Cognito for auth, tightly scoped IAM privileges for the runtime environment and a tightly scoped database user. BTW, with AWS you can also enforce DynamoDB, Postgres and Redshift (?) to only allows rows to be accessed based on the user (IAM or Cognito) so no matter what Claude did, as long as you validate your security boundary at the AWS and database level, there wouldn’t be an issue. Why would I trust developers (or Claude) to write secure multi tenant code when I can enforce it on the database/AWS layer? https://aws.amazon.com/blogs/database/multi-tenant-data-isol... https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_p... 1. I did say it’s an internal admin site and I mentioned AWS and S3. I didn’t say it was a reporting site only dealing with the database. 2. It’s B2B, every company pays 5-6 figures annually and they each have their own AWS account. No company can access any other company’s data because they each have their AWS account, user pool and database. 3. How am I “boasting” about doing “web dev” (poorly paid commodity work) when I specifically said I hadn’t done web development “since 2002” and talked about the UI was something from 2002? 4. I said it was an “Admin site”. I didn’tg say it was a reporting dashboard. | ||