Menu
I read this at the docs:
Database Everywhere. Use the same transparent API to access your database from the client or the server.
This is great, but I think there are some security issues. Providing full and transparent access to the database at client side you are exposed to bad users, which modify you JS code (it's really at his browser and he can do it) and add any database action that could retrieve/remove/update data that perhaps could be sensible.
Please, correct me if I'm wrong. Thanks!
763
You are correct. The developers are currently working on Auth and security concerns. As of now everything is open and great for creating prototypes and test apps however they are vulnerable to users retrieve/remove/update data as they like.
See the developer response to this question here: Link
124
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
