Open mhwelander opened 3 years ago
We also had an enquiry from a prospective user about "how Prisma handles security and safeguards against SQL injection". There's apparently some discussion on our public Slack channel - we could perhaps bring this information into the docs.
Link to our internal Slack discussion about this: https://prisma-company.slack.com/archives/CFM8D5VHC/p1662565422477179
We do have some docs about SQL injection - https://www.prisma.io/docs/concepts/components/prisma-client/raw-database-access#sql-injection - maybe we can make this more findable?
From Seth: "... what protection and security benefit you get from using Prisma in general (not just raw SQL escape hatch). If you’ve never used Prisma, you would like to know how it goes about transforming the nice API into SQL. And while it feels obvious to expect it to do the right thing in terms of prepared statements, escaping, etc., I suspect it will be worth summarizing for folks."
Context
We do not have anything Googlable about data privacy and security - even though this is up to the developer at the implementation level, it would be nice to have a page or section stating that.