tiwarib

Reputation: 451

Azure Mobile services - MobileServiceClient from javascript - security concern

One thing that I am still not very clear about when using Azure Mobile Services from client-side JavaScript (MobileServiceClient) is the security. Doesn't the exposure of my mobile service Appkey directly in client-side JavaScript make it vulnerable to malicious use? Anyone can steal the key and put in some junk data by looking at the code I may have in JS to add/update my data.
I believe I am lacking some very basic knowledge here, and I will very much appreciate it if someone can fill this gap in my knowledge.

Upvotes: 1

Views: 200

Answers (1)

Henrik Frystyk Nielsen

Reputation: 3092

You are right that the application key should not be used for controlling access. It is in all aspects public and can be obtained by anybody. The purpose of the application key is to help during development, nothing more.

If you want to limit access to your application, you should use user login using one of the providers (Azure Active Directory, Facebook, Twitter, Google, or Microsoft Account).

Hope this helps,

Henrik

Upvotes: 2
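
An added example, not part of the answer above: once user login is in place, server-side table scripts can enforce it so that a caller holding only the public application key cannot write or read data. It assumes the table's permissions are set to "Only Authenticated Users" and that rows carry a `userId` column (an illustrative name); the `statusCodes` stand-in is only there so the file runs outside the service.

```javascript
// Azure Mobile Services server-side table scripts (Node.js backend).
// In the service each function lives in its own per-operation script;
// they are combined here so the file runs on its own.

// Stand-in for the runtime's global statusCodes object (subset).
// Omit this line when pasting the functions into the service.
var statusCodes = { UNAUTHORIZED: 401 };

// True only when the caller presented a valid login token.
// A request that carries just the application key has level 'anonymous'.
function isSignedIn(user) {
  return !!user && user.level === 'authenticated' && !!user.userId;
}

// Insert script: reject anonymous callers and stamp the row with the
// server-verified identity, ignoring any userId the client supplied.
function insert(item, user, request) {
  if (!isSignedIn(user)) {
    request.respond(statusCodes.UNAUTHORIZED, 'Login required');
    return;
  }
  item.userId = user.userId;
  request.execute();
}

// Read script: restrict every query to the caller's own rows.
function read(query, user, request) {
  if (!isSignedIn(user)) {
    request.respond(statusCodes.UNAUTHORIZED, 'Login required');
    return;
  }
  query.where({ userId: user.userId });
  request.execute();
}
```

On the client, `client.login('facebook')` (or another configured provider) has to complete before table calls are made; the `user` object the scripts receive is derived from that login token, not from anything in the request body.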
