
How do I securely connect a Backbone.js app to a database?

I am starting to plan a web-app and Backbone.js will be a perfect fit for the client side. I have been planning on using node for the backend but this is open for the time being.

I need a way to secure the front-end app's connection to a database. I have had discussions with others on Quora but I think the thought process was too abstracted from the core problem.

I would prefer to be accessing the data by RESTful end-points, but I need to ensure only my app can talk to the API. I will have full control over both the front-end and back-end of the application. There is a possibility of other apps being built around the database (in a year or two), however they will be developed by me (i.e. not a public API) and these will probably use separate OAuth end-points.

Some notes on the app (may or may not be useful):

  • The app is planned to be offered in a SaaS model where companies subscribe and are allowed multiple users.
  • The data for each company needs to be secure and only accessible to members of that company.
  • All traffic (front-end and app to API) will be sent through SSL.

Any advice on the best way to do this will be greatly appreciated.

like image 576
Jeremy Worboys asked Sep 22 '12 09:09


1 Answer

We have the exact same setup as you - SaaS model, multiple apps (mobile, web, etc.) and when I followed your link, Miguel has the exact solution we use.

Token that is time stamped and sent to the client on auth. We store that hash token in a User Model and then every subsequent request we validate that token.

You can extend Backbone.Model with a BaseModel that appends the token to every server request by overriding Backbone.sync.

See here about how they extended a baseview and you can apply the same thing to a basemodel.

like image 104
imrane answered Sep 22 '22 21:09
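The token scheme described in the answer, as an added example that is not part of the original answer or anyone's production code. It assumes Node's built-in `crypto`, an in-memory `Map` standing in for the User model, a one-hour token lifetime and an `X-Auth-Token` header; all function names are hypothetical. It also covers the question's per-company isolation requirement by deriving the company from the authenticated user.

```javascript
const nodeCrypto = require('crypto');

const TOKEN_TTL_MS = 60 * 60 * 1000;   // assumed lifetime: 1 hour
const users = new Map();               // stand-in for the User model (id -> record)
const sha256 = (s) => nodeCrypto.createHash('sha256').update(s).digest();

// After a successful login: give the raw token to the client, store only its hash.
function issueToken(userId, now = Date.now()) {
  const user = users.get(userId);
  const secret = nodeCrypto.randomBytes(32).toString('hex');
  user.tokenHash = sha256(secret);
  user.tokenIssuedAt = now;            // the timestamp used for expiry
  return `${userId}.${secret}`;
}

// On every request: resolve the token to a user, or null if unknown, wrong or expired.
function authenticate(token, now = Date.now()) {
  const [userId, secret] = String(token || '').split('.');
  const user = users.get(userId);
  if (!user || !user.tokenHash || !secret) return null;
  if (now - user.tokenIssuedAt > TOKEN_TTL_MS) return null;
  return nodeCrypto.timingSafeEqual(sha256(secret), user.tokenHash) ? user : null;
}

// Tenant check: the company comes from the authenticated user, never from request data.
function canRead(token, record, now = Date.now()) {
  const user = authenticate(token, now);
  return user !== null && user.companyId === record.companyId;
}

// Client side: wrap a Backbone.sync-style function so each call carries the token.
// In the browser: Backbone.sync = withToken(Backbone.sync, () => currentToken);
function withToken(sync, getToken) {
  return function (method, model, options = {}) {
    const headers = { ...options.headers, 'X-Auth-Token': getToken() };
    return sync.call(this, method, model, { ...options, headers });
  };
}

// Constructed sample users for the demonstration
users.set('u1', { id: 'u1', companyId: 'acme' });
users.set('u2', { id: 'u2', companyId: 'globex' });
```

Issuing a new token overwrites the stored hash, so the previous token stops validating immediately.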