How does Mongolab REST API authenticate

后端 未结 3 730
春和景丽
春和景丽 2021-02-07 23:52

The REST API for Mongolab is cool. I can use that for analytics in my website directly using the following javascript, provided on Mongolab\'s support page. Only if I can unders

3条回答
  •  失恋的感觉
    2021-02-08 00:25

    I'd like to use MongoLab service for my first AngularJs app with MongoDB, but MongoLab is not ready for production with a web app that wants access from the front end to the MongoDB.

    It's very easy to get the API key in the browsers network traffic (see screenshot below, the apiKey is in plain text there) and then any one can have full access to the DB. So messing around with the MongoDB would be no problem.

    I haven't found a workaround for MongoLab yet. At the moment, I think I will use another service like https://www.dreamfactory.com/

    I haven't tried it in detail yet but it looks great for an AngularApp with MongoDB and I need to check how they implemented the security of the api. On the first look, it looks like it is working with session tokens to secure the requests to the database.

    Screenshot network traffic MongoLab credentials

提交回复
热议问题