OrientDB Security - Javascript

Question

OrientDB Security - Javascript

We are using OrientDB Server as our database for our mobile application.

Since we are using Javascript and REST Api to communicate between OrientDB and our Application, our username and password are not secure because any user can view the source and see all the credentials to access orientDB.

How are we going to deal with this situation? What can we protect our server from anonymous users?

Thank!

Any answer is greatly appreciated.

+3

json javascript rest orientdb

Junnel Gallemaso 11 Feb '13 at 2:30

source to share

4 answers

yojimbo87 · Answer 1 · 2013-02-25T08:14:19+0000

You have to use some underlying technology / framework for abstract direct access to OrientDB so that users cannot manipulate your database directly. You can try looking at node.js if you like working with JavaScript.

Lvca · Answer 2 · 2013-02-11T10:02:12+0000

You can ask the client for a username / password and just let the "guest" see the public pages.

FireLeopard · Answer 3 · 2015-03-13T11:23:55+0000

I would recommend not having an interface directly with the database, as that would make it harder to protect and defend against injection.

Using some internal code is best for communicating with the database.

JoeS. · Answer 4 · 2015-06-10T13:56:10+0000

You can set a default username and password for the ORole reader, which will only read the database, they can't write anything until they register and log in. Once registered and logged in, their own password will be used instead of the default. At this point, you just need to configure the databases as "Restricted".

ORoles should allow you to configure users so that even if they see different records in the database, they can only delete their own records and not other authors. The database will be checked each time the command is received to see if the user is allowed to make this change. See "Recording Level" for details .

OrientDB Security - Javascript

More articles: