I am very new to WeWeb and looking to build an SaaS usin MySQL as the database. The notes on the SQL API suggest it is not secure enough for a web app and so I am asking for recommendations.
I’d suggest using a middle layer (API) such as Fastgen or others as by executing SQL client-side, unless it’s a closed app (not exactly the definition of SaaS) you’re exposing yourself to SQL injection and vulnerabilites. If you like SQL, you might love Supabase, which is built on PostgreSQL and they incorporate it pretty well into everything.
1 Like
Thanx Broberto.
I took a quick look at Supabase and this is my understanding of what they are doing. They are hosting PostgreSQL with a the API layer that does what your say on the SQL end and there is a Supabase plugin on the WeWeb side so the connection should be simpler & more secure. Is this correct?
Yes, and they also provide all the other services like Auth and Storage 
Do you know if the WeWeb plugin for Supabase, communicates directly to use the Auth?
Yes, it authenticates every request you send and then it’s up to Supabase to decide what to do with it.
I will test this out. It looks like Supabase can be self-hosted too.
1 Like
I am told by my web server expert (who hosts the SQL I wan to use) that is we turn on SSL there should be no security issues using the WeWeb SQL plugin.