1 00:00:00,120 --> 00:00:01,210 What is going on, guys?
2 00:00:01,230 --> 00:00:05,280 My name is Hussein, and to end this video, I want to do something a little bit different.
3 00:00:05,790 --> 00:00:15,870 I built this little bit to-do application, which has Postgres on the back end and Node.js on also the
4 00:00:15,870 --> 00:00:16,650 back end, I guess.
5 00:00:16,920 --> 00:00:22,830 And it was a very simple-ish Demo five app that literally you can click add to-do.
6 00:00:23,120 --> 00:00:26,390 Then if you click, it will literally delete that to-do.
7 00:00:26,560 --> 00:00:31,830 So it was a little bit of a routing app, REST API, nothing fancy.
8 00:00:32,580 --> 00:00:40,170 However, I want to point out some little bit of a not so best practice that I used in this app and I'm
9 00:00:40,410 --> 00:00:46,620 going to show you how to do better and essentially, especially on the back end what we're talking about,
10 00:00:46,620 --> 00:00:47,790 the connection itself.
11 00:00:48,390 --> 00:00:48,720 Right.
12 00:00:48,720 --> 00:00:49,860 And what what can we do?
13 00:00:49,860 --> 00:00:56,070 And I talked about that where in another video where some of the best practices that you can use when
14 00:00:56,070 --> 00:01:03,480 you connect to a database, you need to establish a specific database user with specific permissions
15 00:01:03,900 --> 00:01:05,580 for each route.
16 00:01:06,030 --> 00:01:10,920 And yeah, it's a lot of work, but it will pay off in the long run.
17 00:01:11,220 --> 00:01:13,050 It will give you more security.
18 00:01:13,410 --> 00:01:18,900 It will basically group your routes.
19 00:01:18,900 --> 00:01:22,590 Like if you're reading, you don't need to like what I'm doing right now.
20 00:01:22,590 --> 00:01:23,830 I'm logging as postgres.
21 00:01:23,990 --> 00:01:27,510 I'm logging in as admin at the back end and I'm reading.
22 00:01:27,660 --> 00:01:29,820 Right, that's just a waste.
23 00:01:29,820 --> 00:01:37,320 Plus if someone injected some sort of a malformed SQL to inject SQL, they can drop my entire
24 00:01:37,320 --> 00:01:39,510 database because I am I am admin.
25 00:01:39,660 --> 00:01:40,020 Right.
26 00:01:40,020 --> 00:01:40,860 I'm logged in as admin.
27 00:01:40,860 --> 00:01:45,240 So it's not really a good practice to log in as admin on your web application.
28 00:01:45,510 --> 00:01:50,700 So I'm just showing I'm going to show you how to create certain users, given certain permissions, and
29 00:01:51,360 --> 00:01:53,820 create different pool of database connection.
30 00:01:53,820 --> 00:01:59,520 And I talked about pooling, database connection pooling, and go check out this video if you're interested.
31 00:01:59,550 --> 00:02:01,620 So how about we jump into this video?
32 00:02:01,650 --> 00:02:03,940 This is what I'm going to try to do in this in this video.
33 00:02:04,620 --> 00:02:05,030 All right.
34 00:02:05,340 --> 00:02:11,580 So the first thing to explain here, what we're doing is I have a pool, a connection pooling.
35 00:02:11,580 --> 00:02:16,170 This is a feature in the pg library that I'm using for Node.js.
36 00:02:16,350 --> 00:02:21,510 And what it does essentially is it starts with a certain number of database connection.
37 00:02:21,660 --> 00:02:29,640 And when you issue a query, for example, I want to read these to-dos, you can just use the pool to
38 00:02:29,640 --> 00:02:30,900 issue a query.
39 00:02:31,080 --> 00:02:38,730 And what that does is it will reserve one database connection, one TCP connection, send that query
40 00:02:38,910 --> 00:02:39,360 right.
41 00:02:39,570 --> 00:02:46,890 And then once that query comes back, it will return the result and then release that connection back
42 00:02:46,890 --> 00:02:48,720 to that to the pool.
43 00:02:48,930 --> 00:02:54,120 And the reason you want to do that and you don't want to use a single database connection and send all
44 00:02:54,120 --> 00:03:00,960 your queries in that single client is because you cannot guarantee that which request comes first and
45 00:03:00,960 --> 00:03:03,570 which response comes first because of pipelining.
46 00:03:03,690 --> 00:03:04,670 We have the same problem.
47 00:03:05,370 --> 00:03:05,630 Right.
48 00:03:06,030 --> 00:03:12,570 So it's a very bad idea to use the same TCP connection to send multiple database queries because some
49 00:03:12,570 --> 00:03:14,930 of them can return before the other.
50 00:03:14,940 --> 00:03:18,170 And you cannot guarantee what is a request in this case.
51 00:03:18,180 --> 00:03:18,390 Right.
52 00:03:19,020 --> 00:03:22,890 So that's in general, that's the idea of this.
53 00:03:22,890 --> 00:03:27,360 And then we're using pooling for this idea of pooling and you can control pooling.
54 00:03:27,360 --> 00:03:29,070 And I talked about that in another video.
55 00:03:29,910 --> 00:03:35,430 So what I want to do here, what I'm using for the pool is is the postgres user, which is so bad.
56 00:03:35,460 --> 00:03:35,920 Right.
57 00:03:36,240 --> 00:03:41,070 No need to use that this this God mode to connect to the database.
58 00:03:41,070 --> 00:03:47,070 So what we're going to do here, as soon as I have one route that does the read to-dos and I think
59 00:03:47,070 --> 00:03:54,510 one route that creates that to-do and one route that deletes this to-do, I'm going to create three users.
60 00:03:54,510 --> 00:03:57,930 I can do with two, but I want to be fancy a little bit.
61 00:03:58,200 --> 00:04:06,540 Create three, but one with only read, one with only create and one with only delete.
62 00:04:06,670 --> 00:04:07,020 Right.
63 00:04:07,230 --> 00:04:16,350 And I'm going to use these each pool through three type of pools and use one each for each.
64 00:04:16,530 --> 00:04:18,930 So how about we do the code first and then we create the user.
65 00:04:19,050 --> 00:04:19,590 Let's do that.
66 00:04:19,920 --> 00:04:20,200 Right.
67 00:04:20,370 --> 00:04:26,250 So another thing, bad thing I'm doing is I'm not getting the password in the code.
68 00:04:26,250 --> 00:04:27,290 That's a bad idea.
69 00:04:27,450 --> 00:04:30,000 The best thing is to use environment variables.
70 00:04:30,250 --> 00:04:32,190 And there are many ways to do that.
71 00:04:32,200 --> 00:04:37,350 And it's just it's a little bit hectic for me to use the variables for tutorial.
72 00:04:37,590 --> 00:04:38,650 But you know the idea, guys.
73 00:04:38,680 --> 00:04:40,020 This is a well known thing.
74 00:04:40,770 --> 00:04:42,960 I might create another video and show you how to do that.
75 00:04:43,020 --> 00:04:44,690 Maybe I'm going to do it in this video.
76 00:04:44,700 --> 00:04:45,600 Who right.
77 00:04:46,700 --> 00:04:54,830 But it's really simple, you just process.env and then dot the variable that you pass in, maybe maybe
78 00:04:54,830 --> 00:04:55,770 I'm going to do it later.
79 00:04:55,890 --> 00:04:56,200 No.
80 00:04:56,690 --> 00:05:01,760 So what I'm going to do, I'm going to create a DB read pool.
81 00:05:01,970 --> 00:05:02,380 Right.
82 00:05:02,690 --> 00:05:06,560 And this is the user for DB read is called DB read.
83 00:05:06,950 --> 00:05:12,080 And the password is here's the thing goes about passwords for database users.
84 00:05:12,110 --> 00:05:20,840 You have to create the longest possible, most incomprehensible password ever and store it in some sort
85 00:05:20,840 --> 00:05:21,920 of a key vault.
86 00:05:21,920 --> 00:05:23,610 Right where you read that.
87 00:05:23,610 --> 00:05:24,830 That's the best practice.
88 00:05:25,040 --> 00:05:26,650 Don't store it in the code.
89 00:05:26,660 --> 00:05:28,130 Obviously, don't send it.
90 00:05:28,130 --> 00:05:35,810 Just I guess you can store it in a text file somewhere as a config that is not pushed to the source
91 00:05:35,810 --> 00:05:38,870 or source code, but you can use that as well.
92 00:05:39,020 --> 00:05:43,940 But I am going to use DB redivided because.
93 00:05:44,390 --> 00:05:45,810 Because why not?
94 00:05:46,490 --> 00:05:46,990 All right.
95 00:05:48,470 --> 00:05:53,270 Because if I implemented every single best practice that this video is going to become like three hours.
96 00:05:53,270 --> 00:05:53,600 Right.
97 00:05:53,600 --> 00:05:54,290 You get an idea.
98 00:05:54,300 --> 00:05:58,280 I'm going to talk through things that is best practice, but I'm not going to implement everything because
99 00:05:59,060 --> 00:06:00,020 it's just too much.
100 00:06:00,020 --> 00:06:00,250 Right.
101 00:06:00,620 --> 00:06:03,320 So I'm going to create three of those DB read pool.
102 00:06:04,400 --> 00:06:04,820 Right.
103 00:06:05,120 --> 00:06:07,580 And DB create pool.
104 00:06:09,520 --> 00:06:14,260 I got to create the old use lowercase.
105 00:06:15,080 --> 00:06:15,590 And.
106 00:06:19,960 --> 00:06:29,800 DB read, this guy's DB delete pool, DB delete, DB delete, right, so three pools,
107 00:06:29,800 --> 00:06:30,790 guys, three.
108 00:06:32,000 --> 00:06:35,760 Different pools in the connect method, we're going to connect.
109 00:06:36,320 --> 00:06:40,840 I'm going to to actually connect all the pools together, right.
110 00:06:41,030 --> 00:06:47,070 Which is the DB create pool, DB delete pool, DB read pool.
111 00:06:47,180 --> 00:06:52,320 And this is awesome, guys, because those pools will start maybe it depends on the number of connections,
112 00:06:52,340 --> 00:06:54,200 the minimum number of connections that you start with.
113 00:06:54,470 --> 00:06:55,790 And this is configurable.
114 00:06:55,820 --> 00:06:57,650 And I talked about that in the pooling video.
115 00:06:58,100 --> 00:07:01,820 And you can start like, you know, let's say you have so many reads.
116 00:07:01,820 --> 00:07:02,150 Right.
117 00:07:02,150 --> 00:07:08,370 So you can start with obviously more people read and write in general.
118 00:07:08,370 --> 00:07:10,580 It depends on the use case. So you can start with that.
119 00:07:10,590 --> 00:07:16,520 A lot of reads pooling since I got 10 and the delete, obviously, no one deletes, so you can start
120 00:07:16,520 --> 00:07:17,020 with zero.
121 00:07:17,210 --> 00:07:25,190 And if someone attempts to delete, we're going to open up a new DB connection and then obviously
122 00:07:25,400 --> 00:07:27,830 we're going to keep it until it dies.
123 00:07:27,830 --> 00:07:28,640 Keep a lifetime.
124 00:07:29,300 --> 00:07:29,470 All right.
125 00:07:29,490 --> 00:07:36,680 So this stuff, obviously, let's go to each route and start using this stuff.
126 00:07:36,830 --> 00:07:40,670 So the read to-dos function uses the pool.
127 00:07:40,670 --> 00:07:43,300 But we don't want to just use the general pool.
128 00:07:43,310 --> 00:07:48,460 We're going to use the DB read pool to select text from todos.
129 00:07:48,830 --> 00:07:51,920 Another thing we don't need to do is as this is bad.
130 00:07:52,100 --> 00:07:57,850 We should again, guys, I'm just going to talk about the bad practices here and what you can do to
131 00:07:57,890 --> 00:08:01,240 to alleviate them, but I'm not necessarily going to implement them in this video.
132 00:08:01,490 --> 00:08:06,460 So this is bad because this is an unbounded query.
133 00:08:06,840 --> 00:08:08,840 Some some people say, what did you say here?
134 00:08:08,840 --> 00:08:09,440 Inbounded.
135 00:08:09,440 --> 00:08:13,440 But because of my accent, maybe getting Gatun, it's called unbounded.
136 00:08:13,440 --> 00:08:15,180 That means there is no bound for it.
137 00:08:15,350 --> 00:08:19,610 That means if the if you have like three million rows here, you get to return all the three million.
138 00:08:19,610 --> 00:08:20,170 That's bad.
139 00:08:20,390 --> 00:08:27,110 Always limit the stuff is a limited zero 10 or do some paging or something like that.
140 00:08:27,110 --> 00:08:27,350 Right.
141 00:08:27,710 --> 00:08:28,400 Don't do that.
142 00:08:28,400 --> 00:08:29,990 Don't do paging client side.
143 00:08:29,990 --> 00:08:33,500 That's bad idea, but it's a tutorial so.
144 00:08:34,700 --> 00:08:35,090 So yeah.
145 00:08:35,090 --> 00:08:37,430 DB read pool. DB create to-do.
146 00:08:38,750 --> 00:08:43,520 We're going to use the create pool and we're going to create this user going to only have create permission.
147 00:08:43,530 --> 00:08:48,050 So it's going to be able to insert but it's not going to be able to delete, does that make sense.
148 00:08:48,260 --> 00:08:48,560 Right.
149 00:08:48,560 --> 00:08:57,260 So even if you snuck out into the insert, if someone managed to do a SQL injection here, they won't
150 00:08:57,260 --> 00:08:59,370 be able to drop my database.
151 00:08:59,370 --> 00:09:01,250 So they won't be able to delete my stuff.
152 00:09:01,250 --> 00:09:03,380 They might be able to insert some stuff.
153 00:09:03,830 --> 00:09:04,190 Right.
154 00:09:04,910 --> 00:09:08,960 The truth is there is the riskiest here, right, if you think about it.
155 00:09:08,960 --> 00:09:12,860 So that's why obviously I don't have any authentication whatsoever on my app.
156 00:09:12,860 --> 00:09:13,310 Right.
157 00:09:13,370 --> 00:09:16,280 That's another layer of protection that you can add.
158 00:09:16,280 --> 00:09:16,800 Add them.
159 00:09:16,890 --> 00:09:23,180 I guess this is a client side front end, right, with JWT or just normal authentication where nobody
160 00:09:23,180 --> 00:09:26,690 can actually delete unless they own that stuff.
161 00:09:26,690 --> 00:09:27,080 Right.
162 00:09:27,950 --> 00:09:29,660 And you can add multiple.
163 00:09:29,660 --> 00:09:39,890 So I'm just currently deleting this particular item and I'm using this particular syntax which avoids
164 00:09:41,180 --> 00:09:43,150 avoid SQL injection as well.
165 00:09:43,280 --> 00:09:52,780 That's another way to avoid SQL injection, but that the function the creator of this library managed
166 00:09:52,970 --> 00:10:00,060 is doing the SQL injection for us, that is doing the sanity sanitation for it instead of doing like
167 00:10:00,590 --> 00:10:01,100 this one.
168 00:10:01,100 --> 00:10:01,360 Right.
169 00:10:02,490 --> 00:10:03,970 That's that's just way better.
170 00:10:04,410 --> 00:10:08,020 I think that's it if I started this, let's see if we're going to get errors.
171 00:10:08,040 --> 00:10:08,970 Obviously, we're going to get some.
172 00:10:08,970 --> 00:10:11,600 Errors now says, OK, what the hell's DB create?
173 00:10:11,610 --> 00:10:13,070 I don't I don't have it right.
174 00:10:13,350 --> 00:10:18,900 So now we go to admin and we start creating all these beautiful roles.
175 00:10:19,500 --> 00:10:21,510 We're going to create a new user or role called
176 00:10:21,510 --> 00:10:22,260 DB read.
177 00:10:23,730 --> 00:10:24,120 Right.
178 00:10:24,520 --> 00:10:29,790 Was it DB read, what did we call it, DB read, DB read?
179 00:10:31,500 --> 00:10:41,070 DB, DB, DB create, so DB read, right, read only access to that, to that to-do table
180 00:10:41,070 --> 00:10:44,970 right and privileges, they can obviously log in.
181 00:10:45,000 --> 00:10:46,110 Are they super user?
182 00:10:46,140 --> 00:10:46,750 Hell no.
183 00:10:46,980 --> 00:10:47,760 Create roles.
184 00:10:47,790 --> 00:10:48,360 Hell no.
185 00:10:49,350 --> 00:10:51,020 Hell no update catalog.
186 00:10:51,090 --> 00:10:51,630 Hell no.
187 00:10:51,780 --> 00:10:54,000 Inherit rights from the parent roles.
188 00:10:55,610 --> 00:10:58,110 OK, I don't know why it doesn't have a parent so it doesn't matter.
189 00:10:58,530 --> 00:10:59,850 And security.
190 00:11:00,180 --> 00:11:00,530 Right.
191 00:11:01,050 --> 00:11:02,480 Well that's it.
192 00:11:02,520 --> 00:11:03,510 That's all we need.
193 00:11:04,230 --> 00:11:06,210 The trick is they can log in or not.
194 00:11:06,210 --> 00:11:12,510 And there is there is a reason where you you sometimes don't need this role to log in because you
195 00:11:12,510 --> 00:11:18,900 might have just a role with sort of permissions that you can assign to different tables, but it doesn't
196 00:11:18,900 --> 00:11:20,840 have an actual user behind it.
197 00:11:21,150 --> 00:11:27,000 So we save that stuff and we're going to hug and create and create DB, create, create user.
198 00:11:27,970 --> 00:11:37,780 A user with only create or insert permission, and the password is DB create and what they can do,
199 00:11:38,200 --> 00:11:53,990 can they only login save that we can do boom DB delete a user with delete permissions and delete the
200 00:11:54,040 --> 00:11:57,220 day name with permission privileges.
201 00:11:57,220 --> 00:11:57,970 They can log in.
202 00:11:58,270 --> 00:11:59,760 Awesome save.
203 00:12:00,100 --> 00:12:06,940 Now if I go to the to to-do database, my to-do database and I go to schema, I go all the way to my
204 00:12:06,940 --> 00:12:07,660 to-do table.
205 00:12:07,660 --> 00:12:08,920 That's my beautiful table.
206 00:12:09,280 --> 00:12:11,080 Right click properties.
207 00:12:11,230 --> 00:12:11,560 Right.
208 00:12:11,890 --> 00:12:15,610 There are schools that allow you to do the same thing I'm about to do but.
209 00:12:16,490 --> 00:12:23,510 It depends really on you what what do you prefer and now will go to privileges, obviously this this
210 00:12:23,960 --> 00:12:27,840 the owner of this table is Postgres and that's a good thing, right?
211 00:12:27,890 --> 00:12:33,890 You want the owner to be someone who has, like, very great permission so that the measly different
212 00:12:33,890 --> 00:12:38,420 other users that consume the table only have so much permission on the table.
213 00:12:38,420 --> 00:12:38,690 Right.
214 00:12:38,690 --> 00:12:42,050 So they can they cannot drop your whole table or something like that.
215 00:12:42,560 --> 00:12:52,520 So I'm going to add a role, call them DB create and this permission is only insert because it's a
216 00:12:52,520 --> 00:12:53,020 create, right.
217 00:12:53,360 --> 00:12:54,440 Can they select.
218 00:12:55,300 --> 00:12:58,360 Yeah, I didn't really select.
219 00:12:58,370 --> 00:13:01,400 So let's try without selecting.
220 00:13:01,400 --> 00:13:05,870 Maybe because I don't know what the internal library does.
221 00:13:06,140 --> 00:13:10,940 If the insert does select then we might run into an error.
222 00:13:10,940 --> 00:13:13,430 But let's, let's give it the minimum permissions here.
223 00:13:13,580 --> 00:13:18,380 Insert only rice or a and then I'm going to create another one.
224 00:13:18,740 --> 00:13:23,270 You call it delete and this guy only can delete.
225 00:13:24,380 --> 00:13:33,200 I don't have I don't have an update route, so you might want if you have if your app has an update
226 00:13:33,290 --> 00:13:35,420 route, you might do the same thing as here as well.
227 00:13:35,900 --> 00:13:36,290 All right.
228 00:13:36,290 --> 00:13:37,220 So this is.
229 00:13:38,640 --> 00:13:39,680 Good, good.
230 00:13:40,170 --> 00:13:47,700 Now we're going to create a DB read, which only, oh, my God, this has to be only select, right?
231 00:13:47,730 --> 00:13:49,080 I guarantee must be selected.
232 00:13:49,090 --> 00:13:50,010 Well, I selected it.
233 00:13:51,270 --> 00:13:51,840 Didn't I?
234 00:13:54,080 --> 00:13:56,300 DB read, DB delete.
235 00:14:01,110 --> 00:14:04,830 Looks like we're good, so we have to create.
236 00:14:06,260 --> 00:14:12,500 We have created and thought, why does it say, A, I don't know why it's called a right to be read,
237 00:14:12,500 --> 00:14:13,070 only read.
238 00:14:15,220 --> 00:14:23,460 And not only did, but we save this puppy and now if I start my app, let's see if we get any errors,
239 00:14:24,340 --> 00:14:25,540 no beautiful errors.
240 00:14:25,930 --> 00:14:29,020 So now let's go to my app and let's see if it works normally.
241 00:14:29,470 --> 00:14:37,600 If I look, it just we know reading works down because I just read my existing rows.
242 00:14:37,600 --> 00:14:39,600 Right, because what what do you have, rows?
243 00:14:39,850 --> 00:14:44,350 We have this is the F thing I get if I insert another thing.
244 00:14:44,350 --> 00:14:47,620 But the old failed.
245 00:14:47,660 --> 00:14:48,750 OK, let's take a look.
246 00:14:48,760 --> 00:14:49,770 Let's take a look at it.
247 00:14:50,200 --> 00:14:55,450 We failed to insert as I told you guys, I wasn't sure why, why it would fail.
248 00:14:55,450 --> 00:14:56,640 So let's let's take a look.
249 00:14:57,430 --> 00:14:58,330 So.
250 00:14:59,460 --> 00:15:07,800 Create to-do is what failed, right, see, I did use the create pool, I am inserting into that and
251 00:15:07,800 --> 00:15:12,840 maybe we just put it here breakpoint and see what exactly the problem.
252 00:15:15,380 --> 00:15:21,200 So another thing, if you notice, I didn't return the error to the user because one of the best
253 00:15:21,200 --> 00:15:27,950 practices, you don't need to tell the user what what is going on in your database.
254 00:15:27,950 --> 00:15:28,190 Right.
255 00:15:28,310 --> 00:15:30,260 So you need to create your own errors.
256 00:15:30,270 --> 00:15:36,350 So if you return it, that's kind of bad, because sometimes E will contain the source code and contain
257 00:15:36,380 --> 00:15:37,160 line numbers.
258 00:15:37,160 --> 00:15:44,090 And and hackers might use this to give insight into your application, where your code is, where your
259 00:15:44,090 --> 00:15:47,210 stuff is and might run into a problem.
260 00:15:47,250 --> 00:15:50,510 So so that's why I'm returning just false and true.
261 00:15:50,510 --> 00:15:54,920 But obviously that's also confusing because you need to tell the user like no.
262 00:15:54,920 --> 00:15:56,620 Right, we failed, but we don't know what's going on.
263 00:15:56,630 --> 00:16:00,560 So you need to specific error exceptions and and stuff like that.
264 00:16:00,690 --> 00:16:01,070 Oh yeah.
265 00:16:01,400 --> 00:16:02,300 Why do we have here.
266 00:16:02,780 --> 00:16:03,190 Hmm.
267 00:16:03,500 --> 00:16:03,950 Come on.
268 00:16:05,370 --> 00:16:07,500 It says, permission denied for sequence.
269 00:16:07,890 --> 00:16:12,720 Oh, that's beautiful, that's beautiful, guys, that is so beautiful.
270 00:16:12,780 --> 00:16:14,190 OK, let me explain what's happening.
271 00:16:14,220 --> 00:16:15,860 OK, I completely forgot about that.
272 00:16:16,680 --> 00:16:17,130 So.
273 00:16:17,730 --> 00:16:20,940 So this is actually powerful stuff, so.
274 00:16:21,830 --> 00:16:31,370 If I have two columns here, ID, which is which is a primary key, which is serial behind the scenes.
275 00:16:31,550 --> 00:16:38,750 This actually creates a sequence and a sequence, guys, is a database construct that basically when you
276 00:16:38,750 --> 00:16:43,670 select it, it gives you the a number and you select it again, it gives you another number is just a
277 00:16:43,670 --> 00:16:45,080 sequence of numbers.
278 00:16:46,400 --> 00:16:57,140 Here's the thing I gave my DB create user access to my to-dos so I can insert barve, but the the act
279 00:16:57,140 --> 00:17:03,670 of inserting a new row in my to-do table triggered that sequence.
280 00:17:03,920 --> 00:17:05,000 Right, right.
281 00:17:05,000 --> 00:17:09,400 And I need to get a new sequence of what this device does.
282 00:17:10,190 --> 00:17:16,270 It reads from the to-do ID sequence in order to get the next sequence.
283 00:17:16,280 --> 00:17:23,920 But guess what, the user does not have permission on reading that sequence.
284 00:17:24,530 --> 00:17:29,770 So we need DB create to get access to the sequence.
285 00:17:29,810 --> 00:17:30,950 Not everybody else.
286 00:17:31,250 --> 00:17:33,830 Just a read should be enough.
287 00:17:33,830 --> 00:17:34,160 Right.
288 00:17:34,460 --> 00:17:38,360 And, and hopefully that should be enough with the select in this case.
289 00:17:38,360 --> 00:17:39,340 That's a good practice.
290 00:17:39,350 --> 00:17:40,400 That's a good, that's a good.
291 00:17:40,450 --> 00:17:46,990 I'm happy that we failed here so we can learn the process that's going to run this beautiful the by
292 00:17:47,090 --> 00:17:52,790 by the way guys will be available in the description below and I'm going to share that with you.
293 00:17:54,020 --> 00:17:57,050 I need to actually write.
294 00:17:59,420 --> 00:18:00,430 Let's try this up again.
295 00:18:01,450 --> 00:18:03,480 Boom, boom.
296 00:18:07,130 --> 00:18:14,810 Oh, another permission denied again, I thought I give you the permission.
297 00:18:15,050 --> 00:18:25,870 So is is select is not enough permission enough for sequence to-dos ID sequence, but I gave you access.
298 00:18:25,880 --> 00:18:26,930 That's interesting.
299 00:18:27,920 --> 00:18:33,830 What what what exactly do you need, apparently select not enough guys.
300 00:18:34,490 --> 00:18:36,010 All right, let's read it again.
301 00:18:36,920 --> 00:18:42,560 Despite me giving you the security, I give you a read.
302 00:18:43,420 --> 00:18:44,620 With grant permission?
303 00:18:44,720 --> 00:18:52,930 No, no, no, definitely not maybe usage, that's a different I don't know what usage means here.
304 00:18:53,330 --> 00:18:54,820 There's a difference between select and usage.
305 00:18:54,820 --> 00:18:55,810 Let's give it usage.
306 00:18:56,500 --> 00:18:58,270 Maybe we'll read about that later.
307 00:18:58,750 --> 00:18:59,350 Refresh.
308 00:19:02,270 --> 00:19:03,420 And then boom, boom.
309 00:19:05,330 --> 00:19:14,960 Okay, looks like we did it, guys, so the trick was not select per se, it's usage, the idiot reading
310 00:19:14,960 --> 00:19:20,300 a sequence, the consequences different than using the sequence to generate a sequence, apparently.
311 00:19:20,300 --> 00:19:20,580 Right.
312 00:19:20,810 --> 00:19:23,570 So that's the difference here with with with this sequence.
313 00:19:23,570 --> 00:19:29,000 We need to give them two permissions, DB sequence and DB grant and select.
314 00:19:29,960 --> 00:19:33,500 Well the I mean, use it sorry usage.
315 00:19:33,500 --> 00:19:34,650 And that's awesome.
316 00:19:34,870 --> 00:19:36,500 How about delete does delete work.
317 00:19:36,700 --> 00:19:37,210 Did it it.
318 00:19:38,770 --> 00:19:40,360 Oh oh oh.
319 00:19:40,910 --> 00:19:42,340 I don't think delete is working.
320 00:19:44,000 --> 00:19:45,350 Let's take a look.
321 00:19:45,650 --> 00:19:47,090 Why is delete not working.
322 00:19:47,480 --> 00:19:48,860 Because if I click.
323 00:19:54,010 --> 00:19:57,490 Let's put the what the heck?
324 00:20:01,650 --> 00:20:06,000 All right, DB delete pool, boom, why?
325 00:20:06,910 --> 00:20:13,210 Permission denied, permission denied for table todos, all right, guys, so I think I know what's
326 00:20:13,210 --> 00:20:17,020 going on, but let's first fix the bug in my client side.
327 00:20:17,020 --> 00:20:24,940 Why, when I click, delete and I fail and I return false, nothing happened and my client doesn't tell
328 00:20:24,940 --> 00:20:25,570 me anything.
329 00:20:25,810 --> 00:20:30,190 So I'm going to go to my index page and see delete where's my delete method here.
330 00:20:30,640 --> 00:20:35,850 And it says, OK, if if not succeed, I should have failed.
331 00:20:35,870 --> 00:20:36,280 Right.
332 00:20:36,490 --> 00:20:37,960 But I'm not even getting that.
333 00:20:37,960 --> 00:20:44,890 So I'm going to do a little bit debug on the client side here to see why, why that's a problem.
334 00:20:45,520 --> 00:20:49,060 So let's just do some little bit of client side coding here.
335 00:20:50,770 --> 00:20:55,480 It's been a while, it's been a while, beautifulest demo code.
336 00:20:56,480 --> 00:20:59,480 Let's do that boom and then refresh.
337 00:21:01,380 --> 00:21:04,140 And then it's just before I clicked on it, did I?
338 00:21:04,770 --> 00:21:05,490 Yes, I did.
339 00:21:05,670 --> 00:21:06,950 Now this will fail.
340 00:21:07,840 --> 00:21:10,210 Go ahead and fail, false return false.
341 00:21:10,630 --> 00:21:13,860 We got back here, the success, this is true.
342 00:21:14,170 --> 00:21:15,550 What are you talking about?
343 00:21:15,560 --> 00:21:16,500 How is this true?
344 00:21:16,840 --> 00:21:17,950 That's wrong.
345 00:21:18,610 --> 00:21:19,910 That is wrong.
346 00:21:19,930 --> 00:21:21,590 How is a result true?
347 00:21:21,610 --> 00:21:23,970 We clearly right.
348 00:21:25,110 --> 00:21:25,920 Let's do it again.
349 00:21:26,370 --> 00:21:33,030 Let's do it this side here, I'm going to move my breakpoint somewhere else and let's just remove this.
350 00:21:33,660 --> 00:21:41,510 So I did remove these, OK, so we return false lesser dude to delete to do all of that.
351 00:21:41,520 --> 00:21:44,820 Guys, we're not using this stuff that's just dumb and.
352 00:21:45,410 --> 00:21:45,690 Right.
353 00:21:45,700 --> 00:21:49,800 So the bug here is this should be like that, right.
354 00:21:52,180 --> 00:21:56,890 Although success is equal, this we're not actually setting that thing, that's just bad.
355 00:21:58,150 --> 00:22:05,070 OK, now if I let's try without debugging, because I have confidence this will work, if I do the up,
356 00:22:05,080 --> 00:22:06,150 that's it failed.
357 00:22:06,240 --> 00:22:07,270 That's exactly what I want.
358 00:22:07,330 --> 00:22:09,070 OK, now it failed.
359 00:22:09,250 --> 00:22:10,860 And here's why it failed.
360 00:22:11,350 --> 00:22:15,100 Why did we give the delete permission, guys?
361 00:22:15,670 --> 00:22:18,790 The DB create DB delete.
362 00:22:18,790 --> 00:22:20,320 We only give it delete but.
363 00:22:21,730 --> 00:22:26,020 If you look closely to what what that delete user is doing.
364 00:22:27,690 --> 00:22:37,860 It is not only deleting, it is actually it needs to identify what what are the rows in order to
365 00:22:37,860 --> 00:22:38,280 delete it.
366 00:22:38,300 --> 00:22:44,220 So technically it needs to find the ID and the database and then delete that.
367 00:22:44,550 --> 00:22:49,110 The act of finding is a select, so you need to give it a select.
368 00:22:49,360 --> 00:22:52,490 OK, so that's that's what was missing here.
369 00:22:53,370 --> 00:23:00,090 So we go properties, security, DB delete, give it a select which is not a big deal.
370 00:23:00,510 --> 00:23:05,970 And just like that refresh now we have refresh here.
371 00:23:06,330 --> 00:23:13,740 Boom deleted add to do there to do another Dinu boom boom boom boom.
372 00:23:13,930 --> 00:23:15,000 That's awesome man.
373 00:23:15,300 --> 00:23:22,770 Now we have a beautiful application with a specific database user for each REST route.
374 00:23:23,040 --> 00:23:24,320 How about that guys.
375 00:23:24,480 --> 00:23:25,830 Hope you enjoy this video.
376 00:23:26,160 --> 00:23:28,320 Give it a like if you like it share with your friends.
377 00:23:28,320 --> 00:23:29,610 I'm going to see you in the next one.
378 00:23:29,610 --> 00:23:30,690 You guys stay awesome.
379 00:23:30,690 --> 00:23:31,140 Goodbye.
380 00:23:31,260 --> 00:23:32,640 Check out the other content of this channel.
381 00:23:32,640 --> 00:23:35,670 By the way guys, we talk about back end mostly in this channel.
382 00:23:35,670 --> 00:23:37,710 That's my specialty right now.
383 00:23:37,800 --> 00:23:39,890 The next one, guys, awesome, bye.