top | item 38294807

(no title)

bvirb | 2 years ago

FWIW I think I agree with you if you consider "critical processing of data" data validations (IME via constraints, checks, triggers, etc...). I think where things can really go wrong is when the DB accepts anything the application layer thinks is valid.

My favorite ORM says the same thing: https://sequel.jeremyevans.net/rdoc/files/doc/validations_rd...

I wouldn't be surprised if more people agree with that as well, maybe just using different terms.

discuss

dkjaudyeqooe|2 years ago

> I think where things can really go wrong is when the DB accepts anything the application layer thinks is valid.

No, my view is the opposite of that: the database doesn't allow anything invalid to enter the database.

bvirb|2 years ago

Hmm well if I understand you correctly that's what I was saying as well:

Things go wrong when the DB trusts the application layer (rather than doing its own validation) -- e.g. the DB should control what is valid data, not the application layer.