2

In an mvc framework like angularjs, so far examples ive found stores the database credentials in an app.constant property in an app.js file, this is easily readable by users

in my case im connecting to mongolab via a service loaded from a mongolab.js file. my apikey is defined in there, and of course i have no access to the mongolab backend to have it receive a hash

what would be best practice to tackle this? preferably with pointers to some material i can study.

Improve this question
1

1 Answer 1

Reset to default
3

Why don't you connect to mongolab server side? Clientside will always be at risk, even if you use encryption.

In angular, you would have a service (using app.factory()), which connects via your service layer (using jsonp or another format), which will check his 'connector table' to call the right (external) service. Here is a very simple scheme:

Client (js) --> Server (java, php, ...) --> Service 1
                                        --> Service 2
Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

care to elaborate on your preferred setup? what i can imagine from what you said is something like a REST service?
can it be something simple like a single php file that handles database queries, and then i use angular's $http service to send a request to this file?
Added a paragraph to my answer.
that is how i have it set up curently, the service layer (if i am understanding you correctly) is a mongolab.js file, which gets called as part of the markup, im following the example on angular's website. so what kind of service layer can obscure this?

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.