问题
I want to write a messenger app on Swift, iOS and as a database I chose MongoDB and turned ON authentication on it. And for the bridge I chose RESTHeart(GitHub). But for input something to database from RESTHeart I use the next line:
http PUT 127.0.0.1:8080/myfirstdb desc='this is my first db created with restheart' -a username:password
So, I use authentication for each connection. So my question is:
Is it OK, log in for each insert to database for the messenger app or there are another, better, solution? I think that I need to make this process as faster as possible
回答1:
Quoting the RESTHeart documentation:
If a request is successfully authenticated, an authentication token is generated and included in every subsequent responses. Following requests can either use the password or the auth token.
http://restheart.org/docs/security.html
You have to enable the auth token with the auth-token-enabled: true configuration
回答2:
You should also make sure to use https.
Quoting the RESTHeart documentation:
With stateless basic authentication, user credentials must be sent over the network on each request. It is mandatory to use only the https listener; with the http listener credentials can be sniffed by a man-in-the-middle attack. Use the http listener only at development time and on trusted environments.
来源:https://stackoverflow.com/questions/31957102/should-i-authenticate-with-every-call-to-restheart