Data security between Front-end and Back-end

I have already stated I am a WeWeb newbie. I am also, as we say in Canada, an “old fart” meaning I am as old as your grandfather. I have, however, a sharp mind. I last developed software at an enterprise level but not on the web and so security is a new issue.

On another discussion comparing Xano to Supabase, Comnoco and FasGen were discussed, and I have looked into Comnoco mostly. Their big selling point is keeping business and data knowledge on the backend as the front end is exposed through the user’s browser to attack.

My questions revolve around security and the following questions:

  1. If we use TLS to encrypt communications between the front end and the back end, how secure or insecure are we?
  2. Using WeWeb and Supabase plugins, how much of the data and logic may be hackable on the browser?
  3. Would using something like Comnoco alleviate some or all security issues?
  4. As I asked about WeWeb and Supabase, can Comnoco APIs be self-hosted so as to not be held hostage in the future?
  5. As Comnoco and others are subscriptions, do the APIs only reside on their servers, and isn’t that just another place for things to slow down?
1 Like

Hi @Mage :wave:

As an introduction to security in web development, I’d recommend taking a look at this video from our Academy:

1 Like

Thanks Joyce.

I have been working my way through the academy.

Some hopefully constructive comments. Sometimes, I have to re-run a section numerous times to see where you clicked your mouse. On some videos, you use a mouse highlighter. This is useful but sometimes just verbally stating what you are doing helps. We are new to this.

I am still trying to ascertain what difference using the Rest API to connect with Supabase makes as opposed to using the Supabase API. Similar is Supabase Auth versus WeWeb Auth. We have been burned by Backendless with their price changes and need to feel like we can be independent and capable of self-hosting.

Ian Whybrow

Ian,

Fellow Canadian here :slight_smile:

The Supabase plugin for WeWeb just abstracts some of the logic that you would have to handle yourself if you were to use REST API.

I’m not familiar with Comnoco but I’ve been working with Supabase for a few months now and I freaking love it. I believe it meets all of your requirements. It’s highly secure, notably thanks to row-level security, and it’s fully self-hostable. It’s a database at its core so all your data is on the backend (which is probably the most common architecture in web dev), and it also has edge functions which allow you to handle a lot of business logic in a way that’s not exposed on the front end. It’s also incredibly affordable, not that that seems to be a major concern for you.

Anyway, I’m not paid by Supabase or anything, I just really like the product. Feel free to reach out if you have any questions, I’d love to talk!

Cheers,

GD

1 Like
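To make concrete both Ian's question 2 (what the browser can reach) and GD's point about row-level security, here is an added example that is not part of this thread and is not Supabase's or WeWeb's own code. It assumes a Supabase (Postgres) project where `auth.uid()` resolves the caller's user id from the JWT, and it uses a hypothetical `orders` table. TLS only protects the data in transit; whatever the browser can ask for with the publishable (anon) key, any visitor can also ask for, so the filtering has to live in the database policy, not in front-end logic.

```sql
-- Added example (hypothetical "orders" table; not from the thread or Supabase docs).
-- Assumes a Supabase/Postgres project with the auth schema and auth.uid().

create table if not exists orders (
  id          bigserial primary key,
  owner_id    uuid not null default auth.uid(),
  total_cents integer not null,
  created_at  timestamptz not null default now()
);

-- WEAK SETTING: a table created with plain SQL has RLS off. The anon key that
-- ships inside the WeWeb app (plugin or REST call alike) can then read and
-- modify every row. A "where owner_id = current user" filter added in the
-- front end is not a control: anyone can remove it in the browser dev tools.

-- CORRECTED SETTING: turn RLS on. With RLS enabled and no policies, the
-- anon/authenticated roles get nothing; each policy opens exactly one door.
alter table orders enable row level security;

-- A logged-in user may read only the rows they own.
create policy "owner can read own orders"
  on orders for select
  to authenticated
  using (auth.uid() = owner_id);

-- A logged-in user may insert rows only for themselves.
create policy "owner can insert own orders"
  on orders for insert
  to authenticated
  with check (auth.uid() = owner_id);

-- No update/delete policy on purpose: those operations stay server-side
-- (service role or an edge function), never reachable from the browser.

-- CHECK (run in the SQL editor): impersonate the authenticated role with a
-- constructed JWT subject and confirm only that user's rows come back.
-- Assumes auth.uid() reads the sub claim from request.jwt.claims.
begin;
  set local role authenticated;
  select set_config('request.jwt.claims',
                    '{"sub":"00000000-0000-0000-0000-000000000001","role":"authenticated"}',
                    true);
  select id, owner_id, total_cents from orders;  -- only owner 0000…0001's rows
rollback;
```

The check at the end is the part worth repeating after every schema change: if it ever returns rows belonging to another owner, a policy is missing or too broad, regardless of how the WeWeb front end filters its queries.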

GD

Thanks for the response and for reaching out. Where, in Canada, are you located? How long have you been using WeWeb and for what type of development?

I am in Hamilton. As per my post am just a newbie to WeWeb and have not done any software development for over 20 years. I am excited to get back into it. It was my favourite job, ever.

Ian Whybrow

1 Like

Thanks Joyce for the Security 101 link. I hadn’t watched that video previously. It is almost entertaining to see how easily a poorly designed site can be hacked. I had already postulated that the most secure methods involved doing much of the filtering and security at the backend, but this video shows more clearly how some of that is done.

1 Like