Welcome to my PinkLetter. A short, weekly, technology-agnostic, and pink newsletter where we cultivate timeless skills about web development.
I’ve been obsessed with SQL // Postgres recently. Here are a few interesting things I’ve discovered:
join b on a.c = b.c==
join b using (c).
psql --html --dbname DBNAME --command QUERY postgres > out.html.
\editin psql to open the editor and write the query.
EXPLAIN (analyze, verbose, buffers)and throw the output in https://explain.depesz.com or PostgreSQL Explain Visualizer.
from A cross join B==
from A, B.
COUNT(*) FILTER (WHERE ...)(docs).
Have you dealt with a difficult SQL query recently? Please reply to this email and tell the story. I’m researching the topic and would be grateful for life.
Not enough links this week, huh? Here’s one more.
I swear it is not about Postgres!
JWT should not be your default for sessions by Evert Pot
Using JWTs for tokens add some neat properties and make it possible in some cases for your services to be stateless, which can be desirable property in some architectures.
Adopting them comes with drawbacks. You either forego revocation, or you need to have infrastructure in place that be way more complex than simply adopting a session store and opaque tokens.
My point in all this is not to discourage the use of JWT in general, but be deliberate and careful when you do. Be aware of both the security and functionality trade-offs and pitfalls. Keep it out of your ‘boilerplates’ and templates, and don’t make it the default choice.