问题
In MongoLab you generate an API key and then anyone can access your database using REST API.
Usual case is to use the REST api directly from Ajax clients.
But this gives anyone complete write access to your database, which is security hole.
Is there a way to generate an API key which will give READ ONLY access to the database
回答1:
Currently, all API keys have read and write access to the databases associated with the user's account. If you need to expose a read-only API we recommend building your own with one of the many frameworks available like Express or Sinatra.
来源:https://stackoverflow.com/questions/11250145/is-there-readonly-rest-api-key-to-a-mongolab-database-or-is-it-always-readwrite