Databases Lesson 10: Databases in Production
Running a database in production requires backups, monitoring, connection pooling, and security. Don’t learn this the hard way.
Essential Production Practices
# 1. Connection Pooling (NEVER open a new connection per request)
# Use pg-pool, Prisma, or any ORM that handles this
const { Pool } = require('pg');
const pool = new Pool({ connectionString: process.env.DATABASE_URL, max: 10 });
# 2. Environment Variables
DATABASE_URL=postgresql://user:password@host:5432/dbname
# NEVER hardcode credentials!
# 3. Automated Backups
# PostgreSQL: pg_dump mydb > backup.sql
# Or use managed services: Supabase, Neon, PlanetScale
# 4. Migrations (never edit schema manually in production!)
# Use: Prisma migrations, Flyway, or db-migrate
Security Checklist
-- Create a limited user for your app (not a superuser!)
CREATE USER app_user WITH PASSWORD 'strong-password';
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO app_user;
-- Never: GRANT ALL or use superuser in production!
-- Prepared statements (parameterized queries) prevent SQL injection:
-- ❌ NEVER: "SELECT * FROM users WHERE id = " + userId
-- ✅ ALWAYS: "SELECT * FROM users WHERE id = $1" with [userId]
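The limited-user item above, carried further for PostgreSQL as an added example (not part of the original lesson): GRANT ... ON ALL TABLES only covers tables that already exist, so tables created by later migrations also need default privileges. The schema name public, the separate migrator role, and the placeholder passwords are assumptions.

```sql
-- Assumptions (not from the lesson): schema "public", and a separate
-- "migrator" role that owns the tables and runs the migrations.
-- Run this as a database administrator.

-- Role used only by the migration tool; it may create and alter tables.
CREATE ROLE migrator WITH LOGIN PASSWORD 'replace-me-migrator';  -- placeholder
GRANT USAGE, CREATE ON SCHEMA public TO migrator;

-- Application role: can log in, but cannot create databases or roles.
CREATE ROLE app_user WITH LOGIN NOSUPERUSER NOCREATEDB NOCREATEROLE
  PASSWORD 'replace-me-app';  -- placeholder

-- Nobody gets to create objects in the schema just by being connected
-- (already the default from PostgreSQL 15 onward).
REVOKE CREATE ON SCHEMA public FROM PUBLIC;

-- The app may look up objects in the schema, nothing more at schema level.
GRANT USAGE ON SCHEMA public TO app_user;

-- Tables and sequences that exist right now.
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO app_user;
GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA public TO app_user;

-- Tables and sequences that migrator creates in future migrations.
-- Without these, every new table is invisible to app_user until
-- someone re-runs the GRANT by hand.
ALTER DEFAULT PRIVILEGES FOR ROLE migrator IN SCHEMA public
  GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO app_user;
ALTER DEFAULT PRIVILEGES FOR ROLE migrator IN SCHEMA public
  GRANT USAGE, SELECT ON SEQUENCES TO app_user;

-- Check: app_user should list only SELECT/INSERT/UPDATE/DELETE,
-- never TRUNCATE, REFERENCES or TRIGGER.
SELECT table_name, privilege_type
FROM information_schema.role_table_grants
WHERE grantee = 'app_user'
ORDER BY table_name, privilege_type;

-- Check: the app role must not carry any elevated attributes.
SELECT rolname, rolsuper, rolcreatedb, rolcreaterole
FROM pg_roles
WHERE rolname IN ('app_user', 'migrator');
```

The application's DATABASE_URL then uses app_user, while the migration tool connects as migrator, so DDL rights never reach the running app.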
You completed the Databases course!
- Supabase — Postgres with auth, real-time, and storage
- Neon — Serverless Postgres, perfect for Next.js
🏋️ Practice Task
Set up a production-ready database: use a managed PostgreSQL service (Supabase free tier), set up connection pooling, run a migration, create an app user with limited permissions, and test backup/restore with pg_dump.
💡 Hint: Supabase: go to supabase.com, create project, get DATABASE_URL, use with Prisma or node-postgres.