If sessionToken is omitted in REST calls to the database service, all of the data is visible.
Is there any way to restrict access to the db service only to authenticated users - ones with valid "sessionToken"s?
Yes, add an ACL to each record in the collection. This way, when you do a GET without a session token, no data will be returned.
Hm, so which ACL string do I have to use if I want ALL users (if logged-in/authenticated) to be able to access a certain row?
Hello! There is no way to do that. Currently it can be done only using server code (use server code as a proxy to request DB).
Well, thanks for letting me know.
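The server-code proxy suggested in the thread, sketched as an added example (not code from the thread or from the platform): the handler authenticates the caller's sessionToken first and only then reads the collection on the caller's behalf. The header name `x-session-token`, the function names, and the in-memory session store and database are assumptions made for illustration.

```javascript
// Added example: all names below are hypothetical, not a real platform API.
// Constructed sample data standing in for the session store and the database.
const SESSIONS = new Map([
  ["tok-alice", { userId: "alice", expiresAt: Date.now() + 60_000 }],
  ["tok-stale", { userId: "bob", expiresAt: Date.now() - 1 }],
]);
const DB = { notes: [{ id: 1, text: "shared with every logged-in user" }] };

// Resolve a token to a live session, or null. Anything unexpected is "no session".
function lookupSession(token) {
  if (typeof token !== "string" || token.length === 0) return null;
  const session = SESSIONS.get(token);
  if (!session || session.expiresAt <= Date.now()) return null;
  return session;
}

// Stand-in for the server-to-database call. In a real deployment only server
// code holds the credential that can read the collection.
function queryDb(collection) {
  return Object.prototype.hasOwnProperty.call(DB, collection) ? DB[collection] : null;
}

// Proxy entry point: authenticate first, touch the database second.
function handleDbProxy(request) {
  const headers = request.headers || {};
  const session = lookupSession(headers["x-session-token"]);
  if (!session) {
    // Fail closed: a missing, unknown or expired token returns no rows.
    return { status: 401, body: { error: "authentication required" } };
  }
  const rows = queryDb(request.collection);
  if (rows === null) return { status: 404, body: { error: "unknown collection" } };
  return { status: 200, body: { user: session.userId, rows } };
}
```

The proxy only restricts access if the records cannot also be read directly without a token, for example by giving them the per-record ACL mentioned above.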