Single Page Application : API Key and password vulnerability

 
Ranch Hand
Posts: 98
Angular Framework Chrome Linux
Hi Fernando,

I have been learning front-end technology for the past 6 months. I didn't start with AngularJS and other JavaScript libs.

I am trying to create small applications such as weather & live sport score apps using HTML5, CSS3 and jQuery.

Database providers like MongoLab offer a 500 MB free database. The problem is that we make the database connection using API keys or a password with a REST API call, formally the $.ajax() method in jQuery, but this JavaScript code is visible to anyone, and they can make changes in our database using this information. Kindly advise the best coding practice for this scenario.

Thanks in advance.
 
Author
Posts: 17
5
Hi, Dinesh. Thanks for the question.

I recommend that you use some server-side code between your frontend and your database. Accessing the database directly from jQuery Ajax using a username and password is not a good option.
For JavaScript you can use tools like the Express framework to build the access point and then return your JSON to your front end. This way the code with the user and password will not be available in the Ajax request.

This case applies to any database service. If you are using an API with token validation and permissions, like Twitter, you can access the data directly from Ajax calls.
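
The access point described in the reply above, as an added example that is not part of the original posts or of any provider's API. It uses a plain Node `(req, res)` handler instead of Express so it runs without dependencies; `DB_BASE_URL`, `DB_API_KEY`, the `x-api-key` header, the upstream path and the `scores` collection are assumptions.

```javascript
// Added example. Hypothetical names: DB_BASE_URL, DB_API_KEY, the x-api-key header,
// the /collections/<name> upstream path and the "scores" collection.
const ALLOWED_ROUTES = { 'GET /api/scores': { collection: 'scores', method: 'GET' } };

// Map a browser request to one upstream database call, or reject it.
// Pure function: no network access, so the policy can be checked on its own.
function buildUpstreamRequest(method, rawUrl, cfg) {
  const url = new URL(rawUrl, 'http://localhost'); // base is only needed for parsing
  const route = ALLOWED_ROUTES[`${method} ${url.pathname}`];
  if (!route) return { status: 404 }; // not allowlisted: never reaches the database
  const team = url.searchParams.get('team') || '';
  // Accept a plain name only, so the client cannot send query operators.
  if (!/^[A-Za-z0-9 _-]{0,40}$/.test(team)) return { status: 400 };
  const upstream = new URL(`${cfg.baseUrl}/collections/${route.collection}`);
  if (team) upstream.searchParams.set('q', JSON.stringify({ team }));
  return {
    status: 200,
    url: upstream.toString(),
    // The key is attached here, on the server; it is never sent to the browser.
    options: { method: route.method, headers: { 'x-api-key': cfg.apiKey } },
  };
}

// (req, res) handler for http.createServer; fetchImpl is injectable for testing.
function makeHandler(cfg, fetchImpl = globalThis.fetch) {
  return async function handler(req, res) {
    const plan = buildUpstreamRequest(req.method, req.url, cfg);
    if (plan.status !== 200) { res.writeHead(plan.status); return res.end(); }
    try {
      const upstreamRes = await fetchImpl(plan.url, plan.options);
      const body = await upstreamRes.text();
      res.writeHead(upstreamRes.ok ? 200 : 502, { 'Content-Type': 'application/json' });
      res.end(upstreamRes.ok ? body : '{"error":"upstream failure"}');
    } catch {
      res.writeHead(502); // do not leak upstream error details to the client
      res.end();
    }
  };
}

// Credentials come from the server's environment, not from any file served to clients.
const config = {
  baseUrl: process.env.DB_BASE_URL || 'https://db.example.invalid/api',
  apiKey: process.env.DB_API_KEY || 'constructed-placeholder-key',
};
```

Serve it with `http.createServer(makeHandler(config))`; the page's `$.ajax()` call then targets `/api/scores` on your own server and carries no database credential.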

 
Dinesh Kumar Ramakrishnan
Ranch Hand
Posts: 98
Angular Framework Chrome Linux
Thanks for your coding advice, Fernando.