1
00:00:00,120 --> 00:00:08,430
What's going on, guys, quick video answering one question that some of you asked me, and I started

2
00:00:08,430 --> 00:00:14,070
writing an answer, but it turns out to be a very loaded question I can't possibly answer

3
00:00:14,400 --> 00:00:15,360
in a comment.

4
00:00:15,630 --> 00:00:15,930
Right.

5
00:00:15,930 --> 00:00:21,730
So I decided just to quickly make some more content for you guys in answering this question.

6
00:00:21,750 --> 00:00:23,310
So how about we jump into it?

7
00:00:23,320 --> 00:00:30,960
So this question comes from Shark Week and it's a comment on my Node.js, spinning up a lightweight

8
00:00:30,960 --> 00:00:34,650
Postgres instance and work with it, in Node.

9
00:00:34,740 --> 00:00:35,480
Yes, right.

10
00:00:35,490 --> 00:00:43,320
And basically the question says, hey, I currently have the same setup on my side project.

11
00:00:43,620 --> 00:00:51,870
And what do you think about having to create, to call create table if not exists, running on startup

12
00:00:53,130 --> 00:00:56,080
that creates the table and then start your application?

13
00:00:56,100 --> 00:00:57,670
Is this a good idea or bad idea?

14
00:00:57,690 --> 00:01:06,600
So just I'm rephrasing what he has here: he has the application, when it starts, it can act as a user.

15
00:01:06,780 --> 00:01:12,360
And the first thing it does, it creates the table if not exists.

16
00:01:12,360 --> 00:01:17,850
So there is like a command, a special SQL command, create table if not exists, and then consume the

17
00:01:17,850 --> 00:01:18,060
work.

18
00:01:18,060 --> 00:01:22,200
So most of the cases, that's absolutely fine.

19
00:01:23,010 --> 00:01:35,400
And however, I'm a little bit of a... when it comes to this kind of DDL operations, I do not like to

20
00:01:35,400 --> 00:01:36,690
do them in the script.

21
00:01:36,690 --> 00:01:38,040
Sometimes I don't have a choice.
22
00:01:38,040 --> 00:01:49,470
But in this case, what I would do is I would make sure, first of all, that the user consuming the database,

23
00:01:49,470 --> 00:01:57,060
used in this case consuming the table, that is doing DMLs on the table, searching, updating,

24
00:01:57,060 --> 00:02:05,130
deleting, is different than the user who owns the schema or owns the table. It's just a practice that I learned

25
00:02:05,130 --> 00:02:05,900
over the years.

26
00:02:05,910 --> 00:02:08,790
I like to have a different owner, right.

27
00:02:08,790 --> 00:02:16,100
And this way I assign specific permissions to the user doing the DML operation.

28
00:02:16,120 --> 00:02:23,490
So if the same user, and I'm going to tell you in a while why, in a second, if you're doing what you're

29
00:02:23,490 --> 00:02:29,790
doing right now, which is you spin up the application, and frankly, this is exactly what I did in the

30
00:02:29,790 --> 00:02:30,330
application.

31
00:02:30,330 --> 00:02:30,990
But that's...

32
00:02:32,120 --> 00:02:37,250
Goes without saying that this is not production code, right, but what I say is like when you spin

33
00:02:37,250 --> 00:02:42,080
up the application and you immediately create a table, by default you own the table.

34
00:02:42,080 --> 00:02:45,040
So you pretty much can do pretty much anything with it.

35
00:02:45,830 --> 00:02:53,150
And that's not a good idea, because if that application, you're going to spin it up to be a web

36
00:02:53,150 --> 00:02:59,330
application, which will have a lot of other consumers which are anonymous.

37
00:02:59,330 --> 00:03:06,560
Most of the time they are going to use the identity of their user to do DML on that table.

38
00:03:06,560 --> 00:03:06,960
Right.

39
00:03:07,010 --> 00:03:11,840
So that's insert, whatever, if you support deletes or updates, that stuff.

40
00:03:12,980 --> 00:03:19,810
In that case, that user, those users have full privileges on the table.
41
00:03:19,820 --> 00:03:28,850
So if someone managed to sneak in a SQL injection on you to drop the table, they will

42
00:03:28,880 --> 00:03:31,160
be able to drop it because guess what?

43
00:03:32,030 --> 00:03:34,700
Yes, they are anonymous from the player.

44
00:03:34,970 --> 00:03:42,050
But the moment that that injection happened, XSS or whatever happened, and it reached your backend

45
00:03:42,050 --> 00:03:45,740
application, it can sneak into the database.

46
00:03:46,070 --> 00:03:46,460
Right.

47
00:03:46,460 --> 00:03:53,240
And basically had select from your name, semicolon, drop table employees.

48
00:03:53,480 --> 00:03:56,510
And just like that, you lost your table.

49
00:03:56,540 --> 00:03:56,890
Right.

50
00:03:56,900 --> 00:04:02,810
Because, and they can do that because they are here on the backend and they are logged in as your user, and

51
00:04:02,810 --> 00:04:06,070
you configured that they are the owner of the table.

52
00:04:06,320 --> 00:04:08,780
So if they just sneak in, they can drop the table.

53
00:04:09,710 --> 00:04:10,760
Bad idea, right?

54
00:04:10,940 --> 00:04:12,800
So what I like to do is...

55
00:04:13,800 --> 00:04:19,470
So I would not recommend what you are doing in production, so that's the short answer.

56
00:04:19,920 --> 00:04:27,920
What I would do is I would create the schema using a completely different script.

57
00:04:28,380 --> 00:04:28,800
Right.

58
00:04:29,040 --> 00:04:32,010
And I'm going to create it as a specific user.

59
00:04:33,350 --> 00:04:37,900
I don't know, I'm going to call it app schema, right?

60
00:04:37,940 --> 00:04:45,740
I'm going to create the employees table in this case, and then when I want to consume, I'm going to

61
00:04:45,740 --> 00:04:49,030
create a completely different user for the application.

62
00:04:49,040 --> 00:04:52,010
I'm going to call it app user, and that app user...
63
00:04:53,200 --> 00:04:59,320
I'm going to be even a hard ass, a more hard ass, I'm going to create different database users and

64
00:04:59,320 --> 00:05:03,180
create different pools of connections, because you have to use pooling.

65
00:05:03,190 --> 00:05:05,530
I didn't use pooling in that video, but you have to.

66
00:05:05,560 --> 00:05:13,180
Guys, I'm going to create a different pool of connections for each route of the application.

67
00:05:13,480 --> 00:05:20,320
If the route is going on doing only reading, then I'm going to log in as a read-only user and give

68
00:05:20,320 --> 00:05:25,620
that user, app read, for example, and give it read permission on that table.

69
00:05:25,960 --> 00:05:34,600
And if I am going through the route that is, I don't know, editing, then I'm going to give it only

70
00:05:34,600 --> 00:05:34,990
update.

71
00:05:34,990 --> 00:05:40,840
I'm not going to give it drop privileges because most of the time you're not going to drop a table in

72
00:05:40,840 --> 00:05:41,160
the web.

73
00:05:41,170 --> 00:05:43,250
So why do you give it full permission?

74
00:05:43,250 --> 00:05:43,440
Right.

75
00:05:43,690 --> 00:05:46,480
Just having the full permission is just really scary.

76
00:05:46,510 --> 00:05:48,150
Right, to access it through the web.

77
00:05:48,430 --> 00:05:49,890
And I apologize.

78
00:05:49,900 --> 00:05:51,790
Shark Week, bad ass name.

79
00:05:51,790 --> 00:05:58,420
By the way, if you're not using this in a web application, you're completely doing this as a script where

80
00:05:58,630 --> 00:06:00,190
you have absolutely no users.

81
00:06:01,740 --> 00:06:05,140
Whatever I'm saying does not make any difference, right?

82
00:06:05,190 --> 00:06:12,180
You can absolutely use your approach, right, if you want to run your script to set up the schema,

83
00:06:12,420 --> 00:06:13,410
then absolutely.

84
00:06:13,410 --> 00:06:16,820
By all means, do it and do this create if not exists.
85
00:06:16,830 --> 00:06:21,870
And this is actually a great idea, especially if you're running a huge script that does a bunch of

86
00:06:21,870 --> 00:06:24,420
stuff, you want to be able to make it

87
00:06:24,420 --> 00:06:27,480
idempotent, so you can run it over and over again.

88
00:06:27,480 --> 00:06:30,390
And just, they call it additive, right.

89
00:06:30,450 --> 00:06:32,130
It just adds on top of each other.

90
00:06:32,340 --> 00:06:33,480
All right, guys, quick video.

91
00:06:33,480 --> 00:06:34,790
I wanted just to answer this question.

92
00:06:34,980 --> 00:06:36,290
It took me seven minutes to answer.

93
00:06:36,300 --> 00:06:40,320
So there's by no means I could have answered that in a comment.

94
00:06:40,320 --> 00:06:42,000
So I hope that makes sense, guys.

95
00:06:43,290 --> 00:06:49,680
And I'm going to see you on the next one, you guys stay awesome and ask me these great questions.

96
00:06:49,680 --> 00:06:50,170
Keep quiet.

97
00:06:50,220 --> 00:06:50,870
Keep them coming.

98
00:06:50,910 --> 00:06:52,500
I love you.
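The setup the video describes, written out as an added PostgreSQL example (it is not the author's script and not the code from the Node.js video): a separate, idempotent DDL script run once by an administrator, a NOLOGIN owner role named app_schema that owns the schema and the employees table, and two login roles for the web tier, app_read for read-only routes and app_write for the routes that insert, update and delete. The schema name `app`, the role name app_write, the employees columns and the placeholder passwords are assumptions made for the example; each route's connection pool then connects as the role that matches what the route does.

```sql
-- Run as an administrator / superuser, from the schema setup script,
-- never from the application's startup path.

-- 1. A dedicated owner for the schema and its tables. NOLOGIN means no
--    connection pool can ever hold the owner's privileges; the setup
--    script assumes the role with SET ROLE instead.
CREATE ROLE app_schema NOLOGIN;

-- 2. One login role per kind of route. Passwords are constructed
--    placeholders for the example.
CREATE ROLE app_read  LOGIN PASSWORD 'read-password-placeholder';
CREATE ROLE app_write LOGIN PASSWORD 'write-password-placeholder';

-- 3. The schema is owned by app_schema, so app_schema may create tables
--    in it; the table is created as that owner. IF NOT EXISTS keeps the
--    script idempotent (additive), so re-running it is safe.
CREATE SCHEMA IF NOT EXISTS app AUTHORIZATION app_schema;
SET ROLE app_schema;
CREATE TABLE IF NOT EXISTS app.employees (
    id         bigint GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
    name       text NOT NULL,
    hired_on   date NOT NULL DEFAULT CURRENT_DATE
);
RESET ROLE;

-- 4. Grants for the web-tier roles. Neither of them owns anything, so
--    DROP, ALTER and TRUNCATE on app.employees are unavailable to them.
GRANT USAGE ON SCHEMA app TO app_read, app_write;
GRANT SELECT ON app.employees TO app_read;
GRANT SELECT, INSERT, UPDATE, DELETE ON app.employees TO app_write;

-- Tables the owner creates in later runs of this script inherit the
-- same grants automatically.
ALTER DEFAULT PRIVILEGES FOR ROLE app_schema IN SCHEMA app
    GRANT SELECT ON TABLES TO app_read;
ALTER DEFAULT PRIVILEGES FOR ROLE app_schema IN SCHEMA app
    GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO app_write;

-- Before PostgreSQL 15 the public schema is writable by every role;
-- revoke that so the application roles cannot create objects anywhere.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;

-- 5. Verification. First, what each role actually ended up with:
SELECT grantee, privilege_type
FROM information_schema.role_table_grants
WHERE table_schema = 'app' AND table_name = 'employees'
ORDER BY grantee, privilege_type;

-- Second, the failure mode from the video: even if an injected
-- "; drop table employees" reaches the backend on the writing pool,
-- the statement is rejected. Wrapped in a transaction that is rolled
-- back, so the check changes nothing.
BEGIN;
SET LOCAL ROLE app_write;
DROP TABLE app.employees;   -- ERROR: must be owner of table employees
ROLLBACK;
```

The verification query should list only SELECT for app_read and SELECT, INSERT, UPDATE and DELETE for app_write; the owner role app_schema does not appear as a grantee of the web-tier roles' privileges at all. Keep the application's pools pointed at app_read and app_write only, and keep the administrator connection that runs this script out of the application's configuration entirely.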