6 results found

  1. 5 votes

    Fred Zhang shared this idea  · 
  2. 8 votes

    Fred Zhang supported this idea  · 
  3. 15 votes

    Fred Zhang commented  · 

    Interesting idea. Data Connect took a slightly different approach. Authorization is done at the query / mutation level with `@auth` directives.

    Two Camps:
    A) Resource level auth policy.
    e.g. Postgres's RLS, Security Rules in Firestore / Firebase Storage and RTDB
    B) Operation level auth policy.
    Cloud Function, Cloud Run. Any backend API usually comes with an auth check

    We considered existing feedback on Firestore and RTDB Security Rules. Open insecure rules are a huge concern because it's "too easy" for early development.
    When a resource is accessed by different means, it's repetitive and often bug-prone to include every case. This gave birth to the emulator suite and security rules testing.

    When we designed Data Connect, we debated those two security models heavily. We chose B) operation level security, so that it's
    - secure by default: no way to access a row without a query defined.
    - easy to write: operation auth policy has relevant context. It reduces the risk of outage due to misconfigured rules on a shared row.

    On the other side, you may use the same Cloud SQL database via Data Connect and other servers. It's a great callout that Data Connect shall be compatible with Postgres' security best practices.

  4. 36 votes

    5 comments  ·  General » Other  ·  Admin →
    Fred Zhang commented  · 
    Fred Zhang supported this idea  · 
  5. 5 votes

    Fred Zhang supported this idea  · 
  6. 88 votes

    Fred Zhang supported this idea  ·