feld on Nostr: > And no, it's not the same as handing out unrestricted access to your DB any more ...
> And no, it's not the same as handing out unrestricted access to your DB any more than REST is. It's an alternative way to make APIs, not a SQL replacement.
Here's what I'm talking about, sourced from those HN comments:
>> It's actually worse than that [bad query example in a previous comment], because with graphql you can create a single query which is the moral equivalent of:
SELECT * FROM master_table LEFT JOIN sub_table LEFT JOIN sub_sub_table LEFT_JOIN sub_sub_sub_table...
...which is effectively "dump everything". In a REST environment you'll at least need a lot more individual requests - that's both the blessing and curse.
I do not want that power to exist in an API that I give to any developer, ever.
Here's what I'm talking about, sourced from those HN comments:
>> It's actually worse than that [bad query example in a previous comment], because with graphql you can create a single query which is the moral equivalent of:
SELECT * FROM master_table LEFT JOIN sub_table LEFT JOIN sub_sub_table LEFT_JOIN sub_sub_sub_table...
...which is effectively "dump everything". In a REST environment you'll at least need a lot more individual requests - that's both the blessing and curse.
I do not want that power to exist in an API that I give to any developer, ever.