| Access Control | Application-level auth (SQL roles, app middleware) | Enforced by the runtime: only the owning program can modify an account, and only with the required signer(s) |
| Cost of Storage | Server/cloud hosting fees, pay for disk space | Rent-exempt deposit proportional to data size; refundable when the account is closed |
| Identity/Keys | Auto-increment IDs, UUIDs | 32-byte public keys or Program Derived Addresses (PDAs) |
| Reads | SQL queries, document lookups | RPC calls (getAccountInfo, getProgramAccounts) |
| Writes | INSERT/UPDATE via application code | Transactions with instructions, signed by authorized keys |
| Code vs Data | Application code and database are separate systems | Both are accounts; programs (code) and data accounts coexist in the same model |
| Deletion | DELETE query removes the row | Close the account, lamports are returned to you |
| Visibility | Private by default; you choose what to expose | Public by default; anyone can read any account's data |