Field validations

@MichelDiz - I 100% disagree with this statement, and I believe most programmers will too. You should have BOTH frontend and backend validation.

You’re basically saying backend security is not important, except for user role authentication (@auth).

Let me give you some use cases of why this is imperative, and IMHO what is the only real missing feature of Dgraph.

  • Check if a user’s email is verified
  • Check if a post has the minimum / maximum character requirement
  • Only allow someone to like a post once
  • Stop invalid timestamps (not necessarily just createdAt or updatedAt)
  • Stop a game user from hacking levels, resources paid for, etc.
  • Lock certain fields (types), banned users, etc.
  • A hacker could easily overload your database with posts greater than the max size etc…
  • This list can go on, and on…

I have personal experience with people hacking my apps because my Firestore rules were not implemented. It is not difficult to hack a front-end app.

I know there are many references to why backend field validation security is important just on these forums; a Google search will immediately point you to cyber attacks, etc.

I am not sure how that works, but it sounds like this just fixes the speed problem if it were implemented this way. Either way, it is way more important to have fast queries than to have fast mutations. Every single database front-end service that I know of provides this. It is a must. I hope the Dgraph team takes this seriously, as IMHO this is the only real feature missing for a commercial app, and it is security related.

The work-around, custom mutations, is a pain.

Thanks,

J

4 Likes
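The use cases listed in the post above (verified email, post length limits, like-once, untrusted timestamps, locked fields, banned users) are exactly the checks that have to run on the server, because anything the front end enforces can be bypassed by calling the API directly. The following is an added example written for this page; it is not code from the post or from Dgraph. It shows the kind of validation a custom mutation resolver would run before writing anything to the database. The payload shape, the user record fields (`emailVerified`, `banned`), the character limits and the clock-skew allowance are assumptions chosen for the example.

```javascript
// Added example (not from the original post or from Dgraph): server-side
// validation of a "create post" mutation payload, run before any write.
// Limits, field names and the user record shape are assumptions.

const POST_MIN_CHARS = 10;
const POST_MAX_CHARS = 5000;
const MAX_CLOCK_SKEW_MS = 5 * 60 * 1000; // tolerate a few minutes of client clock drift

// Fields the client is never allowed to set; the server owns them.
const LOCKED_FIELDS = ['author', 'likeCount', 'updatedAt', 'isAdminPost'];

// Validate a post payload against the requesting user and the server clock.
// Returns a list of error strings; an empty list means the payload is acceptable.
function validatePostPayload(payload, user, nowMs = Date.now()) {
  const errors = [];

  // Identity checks: the caller's identity comes from the server session,
  // never from the payload itself.
  if (!user || user.banned) {
    errors.push('user is banned or unknown');
  }
  if (!user || !user.emailVerified) {
    errors.push('email address is not verified');
  }

  // Length limits: count code points so multi-byte characters are not miscounted.
  const text = typeof payload.text === 'string' ? payload.text : '';
  const length = Array.from(text.trim()).length;
  if (length < POST_MIN_CHARS) errors.push(`post shorter than ${POST_MIN_CHARS} characters`);
  if (length > POST_MAX_CHARS) errors.push(`post longer than ${POST_MAX_CHARS} characters`);

  // Client-supplied timestamps must parse and must not lie in the future
  // beyond the skew allowance; the server clock is the reference.
  if (payload.createdAt !== undefined) {
    const ts = Date.parse(payload.createdAt);
    if (Number.isNaN(ts)) {
      errors.push('createdAt is not a valid timestamp');
    } else if (ts > nowMs + MAX_CLOCK_SKEW_MS) {
      errors.push('createdAt is in the future');
    }
  }

  // Locked fields: reject the request rather than silently dropping them,
  // so tampering attempts are visible in the error log.
  for (const field of LOCKED_FIELDS) {
    if (Object.prototype.hasOwnProperty.call(payload, field)) {
      errors.push(`field "${field}" is server-controlled and cannot be set by the client`);
    }
  }
  return errors;
}

// "Like a post once": the server keeps the set of (userId, postId) pairs that
// already liked. A repeated like is rejected instead of trusting a counter
// sent by the client.
function applyLike(likes, userId, postId) {
  const key = `${userId}:${postId}`;
  if (likes.has(key)) return { ok: false, reason: 'already liked' };
  likes.add(key);
  return { ok: true };
}

// Constructed sample requests, as a resolver might receive them.
function runDemo() {
  const now = Date.parse('2024-01-02T00:00:00Z');
  const verifiedUser = { id: 'u1', emailVerified: true, banned: false };
  const unverifiedUser = { id: 'u2', emailVerified: false, banned: false };
  const results = {
    good: validatePostPayload(
      { text: 'A perfectly ordinary post.', createdAt: '2024-01-01T12:00:00Z' },
      verifiedUser, now),
    tooLong: validatePostPayload({ text: 'x'.repeat(6000) }, verifiedUser, now),
    tampered: validatePostPayload(
      { text: 'Trying to set my own like count', likeCount: 9999, createdAt: '2099-01-01T00:00:00Z' },
      verifiedUser, now),
    unverified: validatePostPayload({ text: 'Hello from an unverified account' }, unverifiedUser, now),
  };
  const likes = new Set();
  results.firstLike = applyLike(likes, 'u1', 'p1');
  results.secondLike = applyLike(likes, 'u1', 'p1');
  return results;
}

module.exports = { validatePostPayload, applyLike, runDemo, POST_MIN_CHARS, POST_MAX_CHARS };
```

The point of returning a list of errors rather than throwing on the first one is that the resolver can log every rule the request violated, which is what you want when deciding whether a client is buggy or hostile. The front-end validation the post mentions still belongs in the app for usability; this server-side copy is the one that matters for security.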