Can people view the contents of a Replit DB?

Well, here’s an update for you all. You can in fact create a proxy Repl for a DB. You can have multiple Repls share a single DB. I don’t know if this is good or bad. The goal here is to ensure that a Replit DB can only be accessed by people with edit access to the Repl.

This means create an always-on Repl that acts as a DB, right?

No. I’m not paying for that. And the Repl that will use the DB won’t be always on either.

Still, I expect the proxy Repl to be running when access to the DB is needed, or is this something else?

It’ll just have to wait to be booted.

Then just use a cloud service like MongoDB Atlas or whatever that is always on and free. Use authentication or two-key crypto for security (or both).

Alternately (while highly insecure) you can just hard-code the repl to always connect to the same database. (I don’t recommend this, but it is possible.)


So it has been determined that if you have shell access to Repl “a” you can find the DB URL and with it make another Repl “b” and from Repl “b” view and modify the DB of Repl “a”. Without shell access can anybody get the DB URL or access it in any other way?


Not that I’m aware of.


I believe the URL changes, not frequently, but still, that makes this idea likely impossible to put into practice.


I just realized that if I let the users create a DB for their username’s info then I will not know the DB’s name and subsequently no one will be able to steal the secrets because nobody will know the username. They just need it to be different from their Replit username.


The DB is just a JWT-encoded token with the Repl ID, slug & Repl owner, so it does change, but not often; it takes a little time.
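An added example, not code from anyone in this thread or from Replit: it decodes the payload of a JWT carried in a DB URL to show which claims are readable by whoever holds the URL and how long the URL stays usable. The URL shape (token as the last path segment), the host, the claim names and the presence of an `exp` claim are all assumptions, and the sample token is constructed.

```python
import base64
import json
from urllib.parse import urlparse


def b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def inspect_db_url(db_url: str, now: float) -> dict:
    """Decode (without verifying) the JWT in the last path segment of a DB URL."""
    token = urlparse(db_url).path.rsplit("/", 1)[-1]
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("last path segment is not a three-part JWT")
    claims = json.loads(b64url_decode(parts[1]))
    exp = claims.get("exp")  # assumed claim; absent means no stated expiry
    return {
        "claims": claims,
        "expired": exp is not None and now >= exp,
        "seconds_left": None if exp is None else max(0, int(exp - now)),
    }


# Constructed sample: hypothetical host, claim names and values, dummy signature.
ISSUED = 1_700_000_000
SAMPLE_CLAIMS = {
    "repl_id": "00000000-example",
    "slug": "demo-repl",
    "user": "example-owner",
    "iat": ISSUED,
    "exp": ISSUED + 3600,
}
SAMPLE_URL = "https://db.example.invalid/v0/" + ".".join([
    b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode()),
    b64url_encode(json.dumps(SAMPLE_CLAIMS).encode()),
    b64url_encode(b"constructed-signature"),
])

if __name__ == "__main__":
    print(inspect_db_url(SAMPLE_URL, now=ISSUED + 60))
```

The payload is only base64url-encoded, so the claims are visible to anyone who sees the URL, and the URL itself works as the credential until it is replaced.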
