
The lack of object level permissions is a really spectacular footgun and the fact that it's not even on the roadmap is concerning.

Want to allow users to set their own name? I hope you're OK with any user being able to update any field of any other user too!

Added a new entry and didn't specify a policy for every single available action? They default to unauthenticated access!

> If no policy is specified for a rule, the access is public for the related action, thus anyone can manage records.

Aaaaaa!
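An added sketch (not part of the thread, and not Manifest's own code or configuration format) of the two problems the comment above describes: a missing policy falling through to public access, and an "authenticated" rule with no per-record ownership check. The policy shape, the `ownerId` field and all function names are hypothetical.

```javascript
// Hypothetical policy model for illustration only; not Manifest's API.
const ACTIONS = ["create", "read", "update", "delete"];

// Constructed sample config: "users" declares a policy for update and nothing else.
const policies = {
  users: { update: { access: "authenticated" } },
};

// The behaviour the quoted docs describe: no policy for an action means public access.
// Note there is no record argument: any logged-in user may update any record.
function allowDefaultPublic(entity, action, user) {
  const rule = policies[entity]?.[action];
  if (!rule) return true; // missing rule -> anyone, even unauthenticated
  return rule.access === "public" || user != null;
}

// Hardened variant: a missing rule denies, and update/delete also require
// that the caller owns the specific record (object-level permission).
function allowDefaultDeny(entity, action, user, record) {
  const rule = policies[entity]?.[action];
  if (!rule) return false; // default deny
  if (rule.access === "public") return true;
  if (user == null) return false;
  if (action === "update" || action === "delete") {
    return record != null && record.ownerId === user.id;
  }
  return true;
}

// Audit helper: list every entity.action pair that has no explicit policy,
// i.e. everything that would be public under the default-public behaviour.
function unprotectedActions(config, entities) {
  const missing = [];
  for (const entity of entities) {
    for (const action of ACTIONS) {
      if (!config[entity]?.[action]) missing.push(`${entity}.${action}`);
    }
  }
  return missing;
}

// Constructed sample data.
const alice = { id: 1 };
const bob = { id: 2 };
const bobRecord = { ownerId: 2, name: "Bob" };
console.log(unprotectedActions(policies, ["users"]));
```

Running an audit like `unprotectedActions` in CI turns a forgotten policy into a failed build instead of a public endpoint.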



Something that follows this pattern of a single file backend is PocketBase. I’ve used it on personal projects and, while not being 1.0 yet, it’s growing quickly.


PocketBase is amazing! Going through Manifest's docs, I kept thinking, "but I'd rather use PocketBase."

PocketBase has helped me get a few boutique websites and systems out so far with incredible speed and a joy that I rarely feel near web these days.

Though I should remain open-minded. An even simpler backend would be nicer (maybe). Also the AI-friendly approach looks promising.


That default by itself makes me want to run away from this project, fast, because it implies there are similar business-destroying footguns elsewhere.



