I am thinking of using MongoDB as my main database. However, my app is fully in JavaScript and I wanted to use the REST API, client side.
I still can't understand what security mechanisms I can use in order to make a JS call to the database without revealing all the data to all the users.
Please advise on this matter.
Regards, Donald
MongoDB REST API is simple to set up and allows you to store and retrieve documents, making it great for Unstructured Data. Using Express JS as the backend web server with MongoDB as the document store is a common way of implementing the MongoDB REST API strategy.
To authenticate as a user, you must provide a username, password, and the authentication database associated with that user. To authenticate using the mongo shell, either: Connect first to the MongoDB or mongos instance. Run the authenticate command or the db.
The Custom JWT authentication provider allows users to authenticate with an authentication system that is independent from Atlas App Services. The external system must return a signed JSON Web Token that contains a unique ID value for the authenticated user.
MongoDB supports x.509 certificate authentication for client authentication and internal authentication of the members of replica sets and sharded clusters.
First of all, you can enable database auth which will make the REST interface require authentication if connected to from a remote machine.
That said, it's a very bad idea to expose your database like you suggest. Build a persistence abstraction layer in a server technology you're comfortable with (node.js for example) and put all security constraints and authentication there. The advantages are numerous:
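The server-side layer recommended in the answer above, sketched as an added example that is not part of the original answer: the browser sends only a small filter, and the server scopes every query to the authenticated user. The `NOTES` array stands in for a MongoDB collection, and the field names, `buildScopedFilter` and `listNotes` are hypothetical; `userId` is assumed to come from a session the server has already verified.

```javascript
// Added example: server-side access layer. The browser never sends raw queries.
// Constructed sample data standing in for a MongoDB collection.
const NOTES = [
  { _id: 1, ownerId: 'alice', title: 'todo', body: 'buy milk', internalFlags: 'x' },
  { _id: 2, ownerId: 'bob', title: 'todo', body: 'call bank', internalFlags: 'y' },
  { _id: 3, ownerId: 'alice', title: 'ideas', body: 'blog post', internalFlags: 'z' },
];

const FILTERABLE = new Set(['title']);          // fields a client may filter on
const PUBLIC_FIELDS = ['_id', 'title', 'body']; // fields a client may read

// Build the filter the server would pass to collection.find().
// userId must come from the verified session, never from the request body.
function buildScopedFilter(userId, clientFilter = {}) {
  if (typeof userId !== 'string' || userId === '') throw new Error('unauthenticated');
  const filter = {};
  for (const [key, value] of Object.entries(clientFilter)) {
    if (!FILTERABLE.has(key)) throw new Error(`field not filterable: ${key}`);
    // Only plain strings: objects such as {"$ne": null} would be read as query operators.
    if (typeof value !== 'string') throw new Error(`invalid value for ${key}`);
    filter[key] = value;
  }
  filter.ownerId = userId; // set last so the client cannot override it
  return filter;
}

// Stand-in for find(filter, {projection}): equality match, then strip private fields.
function listNotes(userId, clientFilter) {
  const filter = buildScopedFilter(userId, clientFilter);
  return NOTES
    .filter(doc => Object.entries(filter).every(([k, v]) => doc[k] === v))
    .map(doc => Object.fromEntries(PUBLIC_FIELDS.map(f => [f, doc[f]])));
}
```

In a real deployment the filter returned by `buildScopedFilter` would be passed to the driver's `find()` inside an authenticated route handler, with the database itself reachable only from the server.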