Reputation: 2834
ACL without server side logic
Would this be possible to have ACL for REST API implemented inside stored procedures in Mongo? Is this a good idea? Doing this way I could completely omit the need for application server - the ACL logic would be handled by Mongo and the app logic would reside on client side.
Upvotes: 1
Views: 1204
Answers (2)
Reputation: 2834
Found a solution!
Being extremely lazy person I found out that Deployd does exactly what I want (provide a backend without writing much code). The ACLs are easily configured and the setup is very easy.
Upvotes: 2
Reputation: 21934
Short answer: no
MongoDB can run javascript functions on the server in a few contexts, but they are never stored in the database. So you would have to send the javascript code to the server, because there are no "stored procedures" in MongoDB. So implementing an ACL in your case would mean sending this "ACL implementation" code from the client, which is not secure enough. There must be a server between the client and your Mongo database.
Upvotes: 2
Related Questions
- Mongo access DB user rights
- Restheart for MongoDB, ACL and users
- How can I implement field-level permissions for MongoDB?
- Node.js and ACL
- ACL granularity
- Running 'node_acl' with mongoose on ExpressJS
- mongodb: restrict read/write access on a specific collection
- Modelling Access Control in MongoDB
- how to create ACL with mongoose-acl node.js
- Access Control in MongoDB