Appwrite for commercial apps
I thought of moving all data into supabase, but it's not GDPR complaint, and their edge functions needed for almost anything related to backend makes your data go everywhere around the world, and obviously losing the control over all the data, that's whe I want to use appwrite, but can't figure if it's safe enough.
I don't know about the GDPR
But Appwrite functions are 100% isolated from the engine.
And even through the function itself you can't access the data without appropriate API key.
And you can deploy the functions manually.
Appwrite function are edge / cloud functions. that can run any compute you need on demand.
What I'm trying to say is that Appwrite function mechanism is not related to your Appwrite in data context.
This is the functions library ( also build by folks from Appwrite)
Yes, that's why I decided using appwrite
The only thing I "fear" about appwrite is:
- data security and vulnerabilities
- efficient official support
With scaling looks like there should not be any major inconvenience
Appwrite is technically GDPR complaint
For that I think you should wait for an official answer
the email is for disclosing security vulnerabilities which we've had reports before and have worked with the submitter to get resolved.
The biggest security concern when it comes to the data would be you making sure you secure it. for example,
- don't expose access to mariadb
- have a secure password for mariadb
- use a custom, secret openssl key and executor key
- have permissions in place for your data (don't put
anyfor all documents and files if it shouldn't be exposed to everyone)
- lock down your server
there are other security precautions you can take like putting a WAF in front of Appwrite
How do you want the server be lock down if the users need access data? I suppose you are referring to physical access or direct access to server management. In such case there's not any problem, since it's directly a managed hosting
yes, but also point 4
and maybe firewall rules or something to make it so that only the appwrite server can connect to the managed mariadb
That's I think I make with all of my apps, I will use cloudflare's WAF cause I'm using already it for other proposes. I also will block direct access to supabase appwrite console with Cloudflare for an additional security layer
I didn't thought about that, sincerely it's a great idea
supabase? 🧐
Sorry 😅
I'm definitely blocked with this unuseful thing
what do you mean?
That supabase is unuseful for me, basically, and I think appwrite is better for almost every thing in my case
Thanks you really much for your support, now I will start using definitely appwrite for my commercial app
Appwrite is missing some important features right now like transactions, relations, offline support, batch updates, and atomic operations to name a few things. If you don’t need those Appwrite is great but I would hold off on a super app until these features are implemented
Offline support? I think it's not needed, because in such case data will not be updated. Even if needed, you could achieve that "manually" by saving the items locally. Relations, maybe they are more useful, but you can save the id in the database, get such id and get the corresponding item, so also there's not any issue with that.
Never heard of batch updates or atomic operations, so I think that will not be needed in most apps, even if needed, a custom backed connected to appwrite or functions will solve it.
What every app needs in common is what appwrite is offering
Update: If you don't want relying on third parties for your app WAF, you can use modsecurity plugin for traefik (a docker container appwrite uses). However it's installation is going to be probably more difficult than others
