Forum | Appery.io

Catch up wih the Appery.io community on our forum. Here you'll find information on the lastest questions and issues Appery.io developers are discussing.
https://forum.appery.io/

is there any way to prevent unauthenticated access to the db service?

https://forum.appery.io/viewtopic.php?t=10268

Page 1 of 1

is there any way to prevent unauthenticated access to the db service?

Posted: Mon Dec 02, 2013 10:02 pm
by Wolfgang Dietersdorfer

if sessionToken is omitted in REST calls to the database service, all of the data is visible.
Is there any way to restrict access to the db service only to authenticated users - ones with valid "sessionToken"s?

is there any way to prevent unauthenticated access to the db service?

Posted: Mon Dec 02, 2013 10:59 pm
by maxkatz

Yes, add ACL to each record in the collection. This way when you do a GET without a session token, no data will be returned.

is there any way to prevent unauthenticated access to the db service?

Posted: Tue Dec 03, 2013 6:39 am
by Wolfgang Dietersdorfer

Hm, so which ACL string do I have to use if I want ALL users(if logged-in/authenticated) to be able access a certain row?

is there any way to prevent unauthenticated access to the db service?

Posted: Tue Dec 03, 2013 9:49 am
by Maryna Brodina

Hello! There is no way to do that. Currently it can be done only using server code (use server code as a proxy to request DB).

is there any way to prevent unauthenticated access to the db service?

Posted: Tue Dec 03, 2013 2:25 pm
by Wolfgang Dietersdorfer

Well, thanks for letting me know.

All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited