Experimenting with doing something similar to the datsys architecture, but am having trouble working through some of the security concerns managing a datascript <-> datomic connection.
I did read this, but I don't feel like it answers all the questions. What are your thoughts on doing access control, permissions, etc. at both the write and read level? In other words, how do we prevent one client from executing a transaction they shouldn't, and how do we effectively scope responses being sent back down based of a query or as a reaction to a transaction?
Experimenting with doing something similar to the datsys architecture, but am having trouble working through some of the security concerns managing a datascript <-> datomic connection.
I did read this, but I don't feel like it answers all the questions. What are your thoughts on doing access control, permissions, etc. at both the write and read level? In other words, how do we prevent one client from executing a transaction they shouldn't, and how do we effectively scope responses being sent back down based of a query or as a reaction to a transaction?