Wrapping your SQL Server Database into a complete web app

  • Hi guys and gals, I just got laid off a few days ago, and in order to sustain a living, I had to become a bit "creative". Hence, I just started a service provider where I will create a complete Angular frontend application and a complete .Net5 based web API (CRUD), wrapping any existing database you might have. Read more below ...

    Server Gardens

    The process is based upon an open source framework I have created, and I am looking for partners too, in case it's not interesting for you as an individual. I can work with both SQL Server and MySQL databases, but it has to be a fairly new installation I suspect (I haven't tried it against really old servers). I will also need a connection string, with read access to system tables, if I am supposed to host the thing. Which is one of my services.

    To see my partner proposal, you can read the deal here. Basically, I'll split installation costs in half, and share 50/50 with anyone providing me with clients.

    Thank you for your attention 🙂

    Thomas Hansen

  • Thanks for posting your issue and hopefully someone will answer soon.

    This is an automated bump to increase visibility of your question.

  • I was just reviewing what you had on your site and noticed a few mildly concerning things that may just need more clarification to me.

    First, you say "Below is an app created and delivered using this process in 1 minute!" in the first paragraph and then in the image that is immediately below it, it is captioned with "This web app was created by us in 1 hour, delivered in 1 day, and would typically require another developer at least 3 to 6 months to deliver manually.".  I am confused why you would say it was created and delivered in 1 minute and then immediately say it was delivered in 1 day.  1 minute and 1 day are drastically different timelines.

    Second, if I understand what service you offer - you offer a web interface for CRUD operations on a database on a table-by-table basis.  I presume that this would work with VIEWs as well, but not certain.  How does it handle foreign key constraints on the database side?

    I do see where this tool would be beneficial, but I think I'd need to see a bit more in the demo site around how you can implement security; specifically row-level security.

    It is a neat tool, but I would have expected to see a bit more around what would be possible logging in as an "admin".  For example, seeing how to create new users for the system or how to configure it for authentication (does it support LDAP?  What about MFA?).

    My opinion, this is a nice hobby system, but I don't see it as being enterprise ready based on the demo site that is set up unless there is more that I am not seeing.  As for the usefulness, it seems like there is little to no logic built into how the data can be entered and how it is managed apart from data types.  Does the tool support handling NULLABLE columns as well as NOT NULL columns?  What about constraints or calculated columns?  Since you indicate the tool needs an account with read access to system tables - does this mean that the authentication to the web interface is different than the authentication to the database system?  That last question could be critical for auditors!  If they ask "who modified this row?" and I respond with "looks like WebService updated the row", they are not going to like that answer.

    Just a few of my concerns with the tool.  Overall, looks like a nifty tool and I am sure it has some good use cases that I am not thinking of.  And maybe some of my concerns are addressed in the tool, they are just hard to present in the demo site.

    The above is all just my opinion on what you should do. 
    As with all advice you find on a random internet forum - you shouldn't blindly follow it.  Always test on a test server to see if there are negative side effects before making changes to live!
    I recommend you NEVER run "random code" you found online on any system you care about UNLESS you understand and can verify the code OR you don't care if the code trashes your system.

  • Hi Brian, and thank you for a thorough analysis, I appreciate it, lots of good ideas and pain points in your comments.

    The app is generated in only a few seconds actually. However, it typically takes me an hour or more to set up a git repository for it and deploy it to a VPS. Besides, I cannot guarantee that I am available for the customer immediately once he wants the app, so I try to keep it real, and I avoid promising anything faster than a day. But yes, I realise it's bad wording there. Thank you for pinpointing that.

    As to the second paragraph, the process actually creates code, which I think personally is paramount, since it gives you a foundation to change things. So it's not a web interface, it's the creation of a web app. As to views, the automatic process ignores these, but you can also create custom endpoints with SQL, accepting parameters, to wrap your views.

    As to security, it needs a database which it creates automatically, where it stores users and roles. Authentication is built upon JWT tokens, and passwords are stored hashed (BlowFish with individual per-record salts). I'm pretty sure it would be impossible to hack, but of course there might exist bugs. But if you can keep your JWT secret a secret (symmetric HMAC) and make sure you've got strong passwords, security should be better than most of the stuff I have seen out there in "the real world". Row level security does not exist by default. If you've got access to the CRUD endpoints, you can access all rows. Implementing row level security is not too difficult, but it requires manual coding (after the CRUD generation process, on the generated files).

    As to logging into the dashboard itself, that is not something I can enable, since it gives complete control over the entire server, including bash access, and everything. It's basically the equivalent of a "root" Linux account once you're there. The thing supports LDAP out of the box though, but I have only tested this on IIS, and I suspect it'll only work with IIS too. But this is only on the web API. The GUI doesn't (yet) accommodate LDAP. And LDAP is only supported for authentication, and creates a JWT token in the end, and uses authorisation from the integrated roles system.

    As to NULL values. You gave me an idea here actually. However, currently it doesn't support "nullifying" a value from the GUI. The web API fully supports this though. Constraints can be declared (manual process after having generated code) through validators, which are typically richer than any constraints you can set up on the database level.

    The authentication to the database and the web API are two distinctly different things yes. As to "who updated a row", you can declare logging on update and delete endpoints.

    Thank you for a long and detailed review. There are several points in it which I am grateful for, since it helps me sharpen my communication, and also a couple of good ideas to be implemented for me there.
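The reply above describes three things that the generated CRUD layer leaves to manual coding: verifying the symmetric-HMAC JWT, filtering rows by the caller's identity, and logging who updated a row so an auditor gets a real user name rather than the shared database login. The following is an added, self-contained illustration of that pattern (not code from the framework or the thread); the table layout, the `owner` column, the `admin` role name and the demo secret are constructed assumptions.

```python
import base64, hashlib, hmac, json, sqlite3

SECRET = b"demo-secret-change-me"  # constructed demo key; use a long random secret in practice

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def sign_jwt(claims: dict, secret: bytes = SECRET) -> str:
    # Minimal HS256 token: header.payload.signature, each base64url without padding.
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(sig)}"

def verify_jwt(token: str, secret: bytes = SECRET) -> dict:
    # Reject anything whose HMAC does not match before trusting the claims.
    header, payload, sig = token.split(".")
    expected = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig)):
        raise PermissionError("bad signature")
    if json.loads(b64url_decode(header)).get("alg") != "HS256":
        raise PermissionError("unexpected alg")
    return json.loads(b64url_decode(payload))

def setup_db() -> sqlite3.Connection:
    # Constructed sample data: each row carries its owning application user.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, owner TEXT, note TEXT)")
    db.execute("CREATE TABLE audit (row_id INTEGER, actor TEXT, action TEXT)")
    db.executemany("INSERT INTO orders VALUES (?, ?, ?)",
                   [(1, "alice", "first"), (2, "bob", "second")])
    return db

def update_order(db: sqlite3.Connection, token: str, row_id: int, note: str) -> bool:
    claims = verify_jwt(token)
    actor = claims["sub"]
    # Row-level filter: the owner is part of the WHERE clause, so a user cannot touch
    # another user's row even when they know its id. Only the admin role bypasses it.
    if "admin" in claims.get("roles", []):
        cur = db.execute("UPDATE orders SET note=? WHERE id=?", (note, row_id))
    else:
        cur = db.execute("UPDATE orders SET note=? WHERE id=? AND owner=?", (note, row_id, actor))
    if cur.rowcount == 0:
        return False
    # The audit row records the application user, not the shared database login.
    db.execute("INSERT INTO audit VALUES (?, ?, ?)", (row_id, actor, "update"))
    return True

def who_modified(db: sqlite3.Connection, row_id: int) -> list:
    return [r[0] for r in db.execute("SELECT actor FROM audit WHERE row_id=?", (row_id,))]
```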
