CODEWITHSUNDEEP
javascriptazure
Raphael
Raphael

Reputation: 592

Securing Azure web app (easy tables)

I have created a backend for an android app (xamarin.android) usng Azure EasyTables. Now everything's working but I also want to access my EasyTables db from a website.

Currently as a test, I'm using the Azure mobile javascript sdk. As an absolute beginner, I really don't have an idea how I can make this secure. I have lines of code like 

var MobService = WindowsAzure.MobileServiceClient;
var client = new MobService(MYAPPURL);
var reportsTable = client.getTable("rp_Table");
var totalActs;
var query = reportsTable;
query.where(function (){return this.LicensePlate == lplate || this.ReporterId == uname;})
  .includeTotalCount().read().done(function (results){ });

all of which are EXPOSED to anyone. Where do I even begin to look to secure this? Is there a way to have some sort of stored procedure in Azure EasyTables so I can just disable anonymous CRUD permissions?

Upvotes: 0

Views: 137

Answers (2)

Aaron Chen
Aaron Chen

Reputation: 9950

You can disable anonymous CRUD permissions on the table via the Azure portal like this:

navigate to your App Service -> Easy tables -> select the table -> Change permissions

enter image description here

For more information, please refer to the following documentation articles:

How to: Use authentication claims with your tables

30 DAYS OF ZUMO.V2 (AZURE MOBILE APPS): DAY 6 – PERSONAL TABLES

Upvotes: 2

virtualsante
virtualsante

Reputation: 203

Raphael,

Could you try setting the firewall on your EasyTables DB as mentioned here: https://learn.microsoft.com/en-us/azure/sql-database/sql-database-security-tutorial

You would be able to specify client IP addresses to which you would like access to be granted to.

Upvotes: -1

Related Questions