152
            
            votes
        
            
                
                Accepted
            
        
            
        How do I mitigate a scenario where a user goes to pay, but the price is changed mid-request?
                    Alice wants to pay Bob for a service. Bob has quoted her $10.
  
Give this quote a unique token.
  
  Alice clicks pay.
  
When this response is sent to the server, it must go with the token of what ...
                
            
       
        
            
                78
            
            votes
        
        
            
            
        Is the frontend or backend (API) responsible for formatting data in a specific locale?
                    Approach 1 – handling formatting in the frontend – is usually the best answer, as once something has been formatted it is less suitable for further processing. If there are multiple consumers in ...
                
            
       
        
            
                67
            
            votes
        
        
            
        How can I access Excel from my backend?
                    Not the answer you were hoping for
While this may be possible somehow, it is likely a dead-end solution. You should seriously reconsider the decision to not want to rebuild the logic in a language ...
                
            
       
        
            
                59
            
            votes
        
            
                
                Accepted
            
        
            
            
        SQL sanitizing in code with no user input
                    If there is never any user input at all, or the program is only used internally, the importance of sanitizing should be reduced.
But there are still a few possible reasons to always do so
If all ...
                
            
       
        
            
                58
            
            votes
        
        
            
            
        How do I mitigate a scenario where a user goes to pay, but the price is changed mid-request?
                    A quote should be a write-once record.
Bob isn't allowed to edit it once it has been created and passed to Alice.
You can ensure this at different levels, from simply not offering an edit dialog to ...
                
            
       
        
            
                51
            
            votes
        
        
            
        Am I right that switching programming languages will have little impact on the scalability of a CRUD API?
                    At a global level, you're wrong - language does matter, or at the very least you will spend more $$$ on compute if you write it in a less computationally efficient language.
While I'm not at liberty ...
                
            
       
        
            
                42
            
            votes
        
            
                
                Accepted
            
        
            
            
        Am I right that switching programming languages will have little impact on the scalability of a CRUD API?
                    There's a good video (warning, contains really a lot of swearing, but worth it) that will give you a good basis for arguing against this consultant... Solving Imaginary Scaling Issues (at Scale), by ...
                
            
       
        
            
                40
            
            votes
        
        
        SQL sanitizing in code with no user input
                    Parameterised queries should be your standard approach to all SQL. If you are trying to find reasons why you don't have to use them, then you are doing yourself a disservice.
In your example you have ...
                
            
       
        
            
                34
            
            votes
        
        
            
        SQL sanitizing in code with no user input
                    By using parameterized queries your SQL server doesn't have to recalculate the query execution plan each time you use a query.
This can improve performance for queries run often.
                
            
       
        
            
                29
            
            votes
        
        
            
        How do I mitigate a scenario where a user goes to pay, but the price is changed mid-request?
                    This must be an extremely common problem to deal with, no?
No, it isn't. I doubt you'll be able to find a payment processor that lets you change the amount after the customer has authorised a ...
                
            
       
        
            
                23
            
            votes
        
        
            
            
        How can I access Excel from my backend?
                    Microsoft has an official in-depth response to this question:
Considerations for server-side Automation of Office
They provide no support for automating Excel directly in the backend, and they ...
                
            
       
        
            
                20
            
            votes
        
        
            
            
        How do I mitigate a scenario where a user goes to pay, but the price is changed mid-request?
                    Just send the amount Alice agreed to pay along with the request. If the price has increased since Alice sent the request, you send a response indicating that the item could not be purchased at or ...
                
            
       
        
            
                20
            
            votes
        
        
            
            
        Am I right that switching programming languages will have little impact on the scalability of a CRUD API?
                    You should remove this consultant from touching any of your system. A consultant suggesting a complete rewrite of an application in a different language is going to cause a lot of damage to the ...
                
            
       
        
            
                18
            
            votes
        
            
                
                Accepted
            
        
            
        Should frontend and backend be on separate GitHub repos?
                    There are two main considerations for deciding to use one or two repositories:
Will it hinder or aid the development of the front-end or the back-end if the other is also present in your dev ...
                
            
       
        
            
                15
            
            votes
        
        
            
        Am I right that switching programming languages will have little impact on the scalability of a CRUD API?
                    With a simple CRUD api, your bottlenecks are probably the network and the database. So the code you use for mediating and translating between the two layers is probably not that performance-critical.
...
                
            
       
        
            
                15
            
            votes
        
            
                
                Accepted
            
        
            
            
        Is the separation of a database process from the main backend process really "good practice"?
                    Everything comes with a cost. If you're lucky, it comes with a benefit that outweighs the cost.
What you're debating is which ORM to use: diesel.rs vs Java/JPA API
Diesel is a Safe, Extensible ORM ...
                
            
       
        
            
                12
            
            votes
        
        
            
            
        Steps to achieve the best code quality?
                    What I didn't hear you mention was peer reviews.
You did say 'we' a lot. So I assume this is a team. The best use of a team is to check that you're not simply deluding yourself about how awesome you ...
                
            
       
        
            
                12
            
            votes
        
        
            
        Is the separation of a database process from the main backend process really "good practice"?
                    The way you describe it, it does indeed sound bad and I think you are right to question the solution.
However. Let me change some words
You said:
React frontend --> REST calls --> Rust Backend --&...
                
            
       
        
            
                11
            
            votes
        
        
            
        Is the frontend or backend (API) responsible for formatting data in a specific locale?
                    When you think about having one frontend application and one backend, the decision seems to be very arbitrary and both can work.
But the more you have different frontends and backends the clearer it ...
                
            
       
        
            
                11
            
            votes
        
        
            
        What to cover with integration tests?
                    Unit tests should test the behavior of your core code. They should be deterministic, parallelizable, and fast.
Integration tests should test that the rest of the system, that you had to cut out of the ...
                
            
       
        
            
                10
            
            votes
        
        
            
        Frontend and backend developer working on a project - who starts the tasks first?
                    you are never really sure how the backend dev will return the hashmap to the frontend
Okay, that is your problem. With that problem as a given, it doesn't matter who starts work first -- it will be a ...
                
            
       
        
            
                10
            
            votes
        
            
                
                Accepted
            
        
            
        Clearing up misconceptions about a Flask backend and client-side rendering
                    You are incorrect about the need for separate front-end and back-end servers.
You need only one server, which can be your Flask-based server, that
provides one (static) HTML page when users access the ...
                
            
       
        
            
                10
            
            votes
        
            
                
                Accepted
            
        
            
        code generation - would C be a good compiler backend?
                    Define "good" and "bad" backend
According to what criteria do you evaluate whether it is a good or bad solution? Without knowing, we are more in subjective beliefs rather than objective advice:
...
                
            
       
        
            
                10
            
            votes
        
            
                
                Accepted
            
        
            
        How can I access Excel from my backend?
                    This support doc, while warning against attempting this, and clearly stating that it's a completely unsupported scenario, nevertheless lays out a roadmap for what you'd need to do if you attempt it.
...
                
            
       
        
            
                9
            
            votes
        
            
                
                Accepted
            
        
            
        How do serverless architectures manage database connections?
                    Since a serverless app keeps no state between runs, it can't maintain a database connection pool. Serverless apps really face the same constraints as 90's CGI scripts. In general, a permanent server ...
                
            
       
        
            
                9
            
            votes
        
        
            
        SQL sanitizing in code with no user input
                    I just want to point out that your example is actually extremely, extremely nasty, because somebody not familiar or not careful enough would glance at these parentheses and assume that you're using ...
                
            
       
        
            
                8
            
            votes
        
            
                
                Accepted
            
        
            
            
        Authentication and authorization - front-end vs back-end dilemma
                    The backend person might have omitted their valid justifications
  Back-end person claims that front-end should have two calls. First to authenticate user (login process) with JWT response only ...
                
            
       
        
            
                8
            
            votes
        
        
            
        How do I mitigate a scenario where a user goes to pay, but the price is changed mid-request?
                    Yes this is a common issue, and it is about transactional consistency.
To summarize your issues:
the quote is binding for the seller.  In general it has a reference and an expiration date/time.
the ...
                
            
       
        
            
                8
            
            votes
        
        
            
        code generation - would C be a good compiler backend?
                    Every platform has a compiler that supports it, and it can be compiled to every architecture in existence.
But they don't all behave the same. As a compiler writer, I don't want to have to depend on (...
                
            
       
        
            
                8
            
            votes
        
        
            
        How do you design applications with client-based DBs?
                    The premise of this question seems to imply that some standard application architecture exists that the rest of us know about, but the original designers of this system ignored with wanton disregard ...
                
            
       
        Only top scored, non community-wiki answers of a minimum length are eligible
Related Tags
backend × 146
front-end × 48
architecture × 32
rest × 22
api × 20
design × 16
database × 14
api-design × 14
web-development × 12
server × 9
web-applications × 8
java × 7
php × 7
microservices × 6
design-patterns × 5
node.js × 5
object-oriented × 4
javascript × 4
domain-driven-design × 4
authentication × 4
web-api × 4
spring × 4
c# × 3
security × 3
data × 3
 
         
         
         
         
         
         
         
         
        