我应该在每次调用 RESTHeart 时进行身份验证吗?
should I authenticate with every call to RESTHeart?
我想在 Swift、iOS 上编写一个 Messenger 应用程序,作为数据库,我选择了 MongoDB 并在其上打开了身份验证。对于桥梁,我选择了 RESTHear(GitHub)。但是为了从 RESTHeart 向数据库输入一些东西,我使用下一行:
http PUT 127.0.0.1:8080/myfirstdb desc='this is my first db created with restheart' -a username:password
因此,我对每个连接都使用身份验证。所以我的问题是:
是否可以在 Messenger 应用程序的每次插入数据库时登录,还是有其他更好的解决方案?我认为我需要使这个过程尽可能快
引用 RESTHeart 文档:
If a request is successfully authenticated, an authentication token is generated and included in every subsequent responses. Following requests can either use the password or the auth token.
http://restheart.org/docs/security.html
您必须使用 auth-token-enabled: true 配置启用身份验证令牌
您还应确保使用 https。
引用 RESTHeart 文档:
With stateless basic authentication, user credentials must be sent over the network on each request. It is mandatory to use only the https listener; with the http listener credentials can be sniffed by a man-in-the-middle attack. Use the http listener only at development time and on trusted environments.
我想在 Swift、iOS 上编写一个 Messenger 应用程序,作为数据库,我选择了 MongoDB 并在其上打开了身份验证。对于桥梁,我选择了 RESTHear(GitHub)。但是为了从 RESTHeart 向数据库输入一些东西,我使用下一行:
http PUT 127.0.0.1:8080/myfirstdb desc='this is my first db created with restheart' -a username:password
因此,我对每个连接都使用身份验证。所以我的问题是:
是否可以在 Messenger 应用程序的每次插入数据库时登录,还是有其他更好的解决方案?我认为我需要使这个过程尽可能快
引用 RESTHeart 文档:
If a request is successfully authenticated, an authentication token is generated and included in every subsequent responses. Following requests can either use the password or the auth token.
http://restheart.org/docs/security.html
您必须使用 auth-token-enabled: true 配置启用身份验证令牌
您还应确保使用 https。
引用 RESTHeart 文档:
With stateless basic authentication, user credentials must be sent over the network on each request. It is mandatory to use only the https listener; with the http listener credentials can be sniffed by a man-in-the-middle attack. Use the http listener only at development time and on trusted environments.