Pregunta
could somebody help me with this:
1. I am concern, about how secure is to use the drivers as code in the client. I mean, to connect to the database, you have to put the username and the password in the code ! that is not secure! somebody could just grab the code from the cellphone (reverse engineering) and get the user/password ! Also you have to put the queries in the code. somebody could manipulate that.
2. which driver should I use, to program the client for iOS ? (I am using Java driver)
Solución 3
Solution:
The drivers are safe, but they are not for provide web services to the internet. What it is need is an API, that communicates with the driver (in Python, in Java, in C#, ...). There are a lot of APIs out there to do that. Then you have to modify and extend that API according to what exactly you need.
I end up using the great API called Eve which I recommend.
Otros consejos
You shouldn't be exposing mongodb to the internet. Instead your mobile app should talk to a server app, which, in turn, will talk to private instance of mongodb (not available to the world, only to the server app).
And in that server app you can make necessary authentication and checks.
In addition to Sergio's answer, we also recommend that you utilize environment/config variables to avoid hardcoding your URI in the app.
You can read more on the topic here: http://12factor.net/config
Feel free to email us anytime at support[AT]mongolab{DOT}com as well if you have questions regarding your MongoDB and security.
https://stackoverflow.com/questions/18578312
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian