Question
I'd like to use SimpleDB for a mobile app. I have user accounts, so I would have a 'TVM' which would authenticate the user and return a time-limited token which allows the mobile app to directly make SimpleDB calls.
I believe however there is no way to do this securely assuming the app needs to be able to write and select from the database. A malicious user could simply retrieve the token and write their own SimpleDB calls which could write anything to the DB.
Is it true that the only way to securely do writes to SimpleDB is to have all the calls made through my webserver to SimpleDB?
Here would be my Access Policy.
{
  "Action": [
    "sdb:PutAttributes",
    "sdb:Select*"
  ],
  "Effect": "Allow",
  "Resource": "arn:aws:sdb:us-east-1:123456789012:domain/mySDBDomain"
}
Answer 1:
Yes, you need to have a gateway/proxy application of sorts somewhere to provide the additional level of validation and security that you're looking for. On the bright side it really doesn't have to be anything fancy.
A small web server with code written in your favorite language running on a micro-instance (assuming you won't get too much traffic) which simply takes requests from your mobile application, performs some small level of validation (i.e. that the format of the data matches what you'd expect to see from your clients) and then sends it off as a properly formatted PUT request to your SimpleDB domain.
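The proxy described in the answer, written out as an added example (this is not code from the question or the answer). The design point is that the AWS credentials stay on the server: the client only holds a time-limited session token, the proxy verifies it, whitelists the attributes it will write, derives the SimpleDB item name from the verified identity rather than from the request, and only then issues PutAttributes. The token format, the `ALLOWED_ATTRS` schema, the `SimpleDBWriteProxy` class and the `FakeSdb` stand-in are all this example's own assumptions; the real `boto3` `sdb` client is only created when no client is injected.

```python
"""Minimal SimpleDB write proxy (added example, not the original post's code)."""
import base64
import hashlib
import hmac
import json
import time
from typing import Dict, List, Optional

DOMAIN = "mySDBDomain"          # domain name from the question's policy ARN
TOKEN_TTL_SECONDS = 3600        # assumed lifetime of a session token
# Attribute schema the proxy is willing to write for a client (assumed):
# name -> (max length, predicate every value must satisfy)
ALLOWED_ATTRS = {
    "nickname": (32, str.isprintable),
    "score": (10, str.isdigit),
}


def issue_token(secret: bytes, user_id: str, now: float) -> str:
    """TVM role: after login, return 'user_id|expiry|hmac' bound to the server secret."""
    if "|" in user_id:
        raise ValueError("user_id must not contain '|'")
    expiry = int(now) + TOKEN_TTL_SECONDS
    body = f"{user_id}|{expiry}".encode()
    mac = hmac.new(secret, body, hashlib.sha256).hexdigest()
    return f"{body.decode()}|{mac}"


def verify_token(secret: bytes, token: str, now: float) -> Optional[str]:
    """Return the user_id if the token is authentic and unexpired, else None."""
    try:
        user_id, expiry, mac = token.split("|")
        expected = hmac.new(secret, f"{user_id}|{expiry}".encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, mac):
            return None
        if int(now) >= int(expiry):
            return None
    except ValueError:
        return None
    return user_id


def validate_attributes(payload) -> List[Dict]:
    """Whitelist attribute names and values; anything outside the schema is rejected."""
    if not isinstance(payload, dict) or not payload:
        raise ValueError("payload must be a non-empty JSON object")
    attrs = []
    for name, value in payload.items():
        if name not in ALLOWED_ATTRS:
            raise ValueError(f"attribute not allowed: {name}")
        max_len, check = ALLOWED_ATTRS[name]
        if not isinstance(value, str) or len(value) > max_len or not check(value):
            raise ValueError(f"bad value for {name}")
        attrs.append({"Name": name, "Value": value, "Replace": True})
    return attrs


class SimpleDBWriteProxy:
    """Server-side gateway: the only component that ever holds AWS credentials."""

    def __init__(self, secret: bytes, sdb_client=None):
        self.secret = secret
        self.sdb = sdb_client  # None -> real boto3 client created on first use

    def _client(self):
        if self.sdb is None:
            import boto3  # credentials come from the server environment, never the app
            self.sdb = boto3.client("sdb", region_name="us-east-1")
        return self.sdb

    def handle_put(self, token: str, body: str, now: Optional[float] = None) -> Dict:
        """Validate a client write and forward it as PutAttributes, or reject it."""
        now = time.time() if now is None else now
        user_id = verify_token(self.secret, token, now)
        if user_id is None:
            return {"status": 401}
        try:
            attrs = validate_attributes(json.loads(body))
        except ValueError:  # json.JSONDecodeError is a ValueError subclass
            return {"status": 400}
        # Item name is derived from the verified identity, never taken from the
        # request, so a client can only ever overwrite its own item.
        item = f"user/{user_id}"
        self._client().put_attributes(DomainName=DOMAIN, ItemName=item, Attributes=attrs)
        return {"status": 200, "item": item}


class FakeSdb:
    """Constructed stand-in for the boto3 sdb client so the example runs offline."""

    def __init__(self):
        self.calls = []

    def put_attributes(self, **kwargs):
        self.calls.append(kwargs)


if __name__ == "__main__":
    secret = b"server-only-secret"      # constructed sample secret
    proxy = SimpleDBWriteProxy(secret, FakeSdb())
    tok = issue_token(secret, "alice", now=1000.0)
    print(proxy.handle_put(tok, '{"nickname": "Ali", "score": "42"}', now=1500.0))
    print(proxy.handle_put(tok, '{"balance": "999999"}', now=1500.0))   # not in schema
    print(proxy.handle_put(tok + "x", '{"score": "1"}', now=1500.0))     # tampered token
```

Even with a valid token, a client cannot choose the item name, write attributes outside the schema, or reuse the token after it expires; the policy in the question still applies to the server's credentials, but the proxy is what turns "may call PutAttributes on this domain" into "may update its own record".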
Source: https://stackoverflow.com/questions/8528670/mobile-app-and-simpledb-direct-access-policy