top | item 39480842

(no title)

viiralvx | 2 years ago

I'd suggest reading up on what some of these new database providers are doing to help prevent or fix mistakes like this. Since you mentioned PlanetScale, I'll use them as an example.

1) PlanetScale has IP ACLs, which locks down passwords to specific IP addresses. [1] Additionally, with TailScale or another VPN solution, locking down based on IP isn't necessary foolproof.

2) They also have Safe Migrations. When enabled, it prevents DDL from being run directly on a database. [2] Additionally, using deploy requests for zero-downtime schema migrations also allows you to use reverts, which will revert the migration. [3]

[1] https://planetscale.com/blog/introducing-ip-restrictions

[2] https://planetscale.com/docs/concepts/safe-migrations

[3] https://planetscale.com/blog/behind-the-scenes-how-schema-re...

discuss

No comments yet.