

Databound – exposes Ruby on Rails database to the JavaScript side - Nedomas
http://databound.me

======
jameskilton
Mind if I ask why this exists?

The operations side of me sees nothing but a massive security hole.

The developer in me sees anything built with this to be a maintenance
nightmare, even more so than many Rails apps tend to be.

What benefit does this library provide?

~~~
Nedomas
Thanks for asking, James.

Many Rails apps get/create/update database data on the JavaScript side.
Sometimes it is done using some kind of framework (Ember, Angular).

This is for the times you don't use a full-fledged framework - think React or
something similar.

Its benefit is that you don't have to set up routes, parsing/encoding for the
data you send.

It lets you securely choose which parts of the model you want the JavaScript
to edit (permitted_columns).

It also works with Active Model Serializers (f.e. UserSerializer) - it lets
you specify which attributes to send to the client.

It is as secure as you would do it yourself.

If possible, please hack the databound.me website and help me fix the holes if
there are any.

Thanks!

~~~
jameskilton
This isn't about "hacking" the website, it's about protecting the users of
your library (including yourself). I'll open an Issue with more details.

~~~
Nedomas
Thanks.

For other readers: the issue is being addressed at
[https://github.com/Nedomas/databound/issues/2](https://github.com/Nedomas/databound/issues/2)

~~~
Nedomas
Fixed with 1.1.0 release.

[https://github.com/Nedomas/databound-rails/commit/04e28afaf0...](https://github.com/Nedomas/databound-rails/commit/04e28afaf0d37f32241800425c98e809e1fbb9e9)

