I see you didn’t say anything about the possible security issues if I was using AWS Cognito for auth, tightly scoped IAM privileges for the runtime environment and a tightly scoped database user.

BTW, with AWS you can also enforce DynamoDB, Postgres and Redshift (?) to only allows rows to be accessed based on the user (IAM or Cognito) so no matter what Claude did, as long as you validate your security boundary at the AWS and database level, there wouldn’t be an issue.

Why would I trust developers (or Claude) to write secure multi tenant code when I can enforce it on the database/AWS layer?

https://aws.amazon.com/blogs/database/multi-tenant-data-isol...

https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_p...

1. I did say it’s an internal admin site and I mentioned AWS and S3. I didn’t say it was a reporting site only dealing with the database.

2. It’s B2B, every company pays 5-6 figures annually and they each have their own AWS account. No company can access any other company’s data because they each have their AWS account, user pool and database.

3. How am I “boasting” about doing “web dev” (poorly paid commodity work) when I specifically said I hadn’t done web development “since 2002” and talked about the UI was something from 2002?

4. I said it was an “Admin site”. I didn’tg say it was a reporting dashboard.