Reputation: 920
The Javascript Datastore Problem
This might sound super crazy but I really want to know if this can be done.
Assume a multi-user site that gives users some tools to build web apps from the site itself (using only HTML/CSS/JS) and share them. Now, if each of the apps were to be assigned a datastore, say just a table for convenience, is it possible to make secure query/insert requests from the app to the backend to write to the assigned table.
Take an example - the app is a small game. The developer wants to record the scores of the users who play the game and wants to use his assigned datastore (see above) for it. Is it possible for the site to ensure that no other app/user can access this datastore? If so, how can it be done?
Edit: Please do note that there are three parties involved - the developer of the app who is a registered user, the app itself which has been granted the datastore and an app user (registered/unregistered) who is viewing the app.
Upvotes: 0
Views: 401
Answers (1)
Reputation: 13312
I think this is the same as using any type of backend datastore for any web app. You could assign the user a unique ID (which they have to validate by logging in) and then manage access to the datastore through AJAX post backs.
Upvotes: 1
Related Questions
- Javascript security on a server
- Javascript Security
- Secure db queries in single page web app
- Securing web application against information leakage
- Secure data in JavaScript
- Improving security with JS
- Saving JS data into the DB in a secure way
- HTML5 Web Database Security
- Web-app security: substitution of JavaScript code and data
- securing data used in java script file