If you’re modeling relational data, it doesn’t seem like you can get around using a DB that uses SQL, which to me is the worst: most programmers aren’t DB experts and the SQL they output is quite often terrible.

Not to dunk on the lemmy devs, they do a good job, but they themselves know that their SQL is bad. Luckily there are community members who stepped up and are doing a great job at fixing the numerous performance issues and tuning the DB settings, but not everybody has that kind of support, nor time.

Also, the translation step from binary (program) -> text (SQL) -> binary (server), just feels quite wrong. For HTML and CSS, it’s fine, but for SQL, where injection is still in the top 10 security risks, is there something better?

Yes, there are ORMs, but some languages don’t have them (Rust has Diesel for example, which still requires you to write SQL) and it would be great to “just” have a DB with a binary protocol that makes it unnecessary to write an ORM.

Does such a thing exist? Is there something better than SQL out there?
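As an added illustration of the injection point raised above (this is example code written for this page, not code from the original post or from the Lemmy project), the block below puts a string-spliced lookup next to a parameterized one using Python's standard-library sqlite3 module and a constructed in-memory table. The bound parameter travels to the engine separately from the statement text, so the value can never change the query's structure; the same mechanism also stops a legitimate apostrophe in the input from breaking the query, which the spliced version cannot handle.

```python
import sqlite3


def make_db():
    """Build a small in-memory table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [
            ("alice", "alice@example.com"),
            ("bob", "bob@example.com"),
            ("o'brien", "obrien@example.com"),  # legitimate apostrophe in data
        ],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn, name):
    """Splices the caller's text into the statement.

    The engine's parser sees the user's input as part of the SQL, so
    quotes in the input either break the statement or change its meaning.
    """
    query = f"SELECT name, email FROM users WHERE name = '{name}'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn, name):
    """Keeps the statement fixed and binds the value as a parameter.

    The statement text is identical for every call; only the bound value
    changes, and it is handed to the engine as data, never parsed as SQL.
    """
    return conn.execute(
        "SELECT name, email FROM users WHERE name = ?", (name,)
    ).fetchall()


def demo():
    """Run both lookups on benign, hostile and apostrophe-bearing input."""
    conn = make_db()
    benign = "alice"
    hostile = "x' OR '1'='1"   # classic tautology used to show the difference
    apostrophe = "o'brien"      # ordinary data that happens to contain a quote

    # The spliced query cannot even execute a legitimate apostrophe:
    # the quote terminates the string literal early and sqlite3 rejects it.
    try:
        lookup_vulnerable(conn, apostrophe)
        vuln_apostrophe_error = False
    except sqlite3.OperationalError:
        vuln_apostrophe_error = True

    return {
        "vuln_benign": lookup_vulnerable(conn, benign),
        "vuln_hostile": lookup_vulnerable(conn, hostile),       # every row leaks
        "vuln_apostrophe_error": vuln_apostrophe_error,        # True: query broke
        "param_benign": lookup_parameterized(conn, benign),
        "param_hostile": lookup_parameterized(conn, hostile),  # [] : no such name
        "param_apostrophe": lookup_parameterized(conn, apostrophe),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The contrast worth noticing is in the last two results: the parameterized lookup treats `x' OR '1'='1` as a literal name that matches nothing, and returns exactly the `o'brien` row for the apostrophe case, while the spliced version leaks the whole table on the first input and throws on the second. Drivers for other engines expose the same facility under their own placeholder syntax (`%s`, `$1`, `:name`); the defensive property comes from the values being bound rather than from any particular syntax.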

  • cwagner@lemmy.cwagner.me · 44 up, 3 down · 1 year ago

    Maybe a hot take, but if SQL injection is still an issue, you have no business developing anything. This is a solved issue and has been for years.

    • boo one@lemmy.one · 6 up, 2 down · 1 year ago

      I have seen that this is still a problem, even in established enterprise companies.

      • cwagner@lemmy.cwagner.me · 11 up, 1 down · 1 year ago

        How? I never worked in a big company, but do they just have absolute beginners without any guidance writing code that’s then never checked?

        • DirigibleProtein@aussie.zone · 10 up, 1 down · 1 year ago

          I worked in several big companies, and the answer is “often”.

          The database at the backend of the web page that allows customers to order widgets online is written and maintained by DBAs, with functional specifications and agile and program managers and Gantt charts and all that stuff.

          The database used by the system administrators to keep track of servers and parts; or by managers to keep track of hours worked; or by the network engineers to keep track of wifi repeaters; those databases are written by someone who did an online course once, or by whoever on the team possessed insufficient reluctance when the idea came up in a meeting.

          And when we see on the evening news that personal records of 7.5 million people have been stolen by hackers, it doesn’t matter which side of the line the programmers are on, the shit is evenly distributed all over IT, whether they were involved or not.

          • Semi-Hemi-Demigod@kbin.social · 9 up · 1 year ago

            I’ve worked in various support roles for sysadmins and the fact that things work at all is amazing to me. I’ve encountered so many people whose skills make me wonder how they got their job working at huge important corporations and organizations with extremely sensitive data.

            For example, how can you consider yourself a senior DBA if you don’t know how to read a log file to figure out an error? Most of my workday is filled with supporting basic computer literacy, and I’m working with the people who are supposed to know this shit.

            • Magnus Åhall@lemmy.ahall.se · 1 up · 1 year ago

              I’m horrified every day at work that copy/paste still is an issue. All my coworkers and customers are still struggling with copying some data, switching to another program, pasting it, switching back, copying some other data, and so on, especially when needing two or three pieces of data frequently.

              In Windows, a (bad) solution is using win+tab, which literally no one knows about, much less uses.

              In Linux (and it should be in Windows too), it is trivial to implement buffers (say 0-9) to store and retrieve clipboard data for sub-second access.

    • onlinepersona@programming.dev (OP) · 5 up, 4 down · 1 year ago

      “If you don’t know what I know, you shouldn’t be here”

      “I don’t make mistakes that end up #3 on the vulnerability list, and if you do, I don’t want you around me”

      I find that a gate keeperish attitude.