
Native App Talking Directly To Db

I'm making an iOS app, with Elasticsearch as the db. Since ES exposes an HTTP API, technically I can have the client talk directly to the db without routing it through an app serve

Solution 1:

Security via obscurity (hiding the API calls by not having them in JavaScript) is never the answer. What's to stop somebody from just sniffing the traffic via Wireshark or other similar software and then mapping your API that way?

You should never make your Elasticsearch installation visible to the outside world; ES is built around search, not security.

You'll have to build a wrapper with some baked-in authentication if you want to do it properly and securely. The main reason for this is that (you even said it yourself) Elasticsearch is a database, kind of, and you wouldn't go making your database public facing now, would you?

As a side note, there is https://github.com/sonian/elasticsearch-jetty but I've never used it and so couldn't recommend it. I'd stick with the wrapper...
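
One way to build the wrapper the answer above describes, as an added example that is not code from the original post: the app sends a signed token and plain search text, and the wrapper alone decides which Elasticsearch request is made. The index name `notes`, the `title` and `owner` fields, the token format and the loopback address are assumptions for illustration.

```python
import hashlib, hmac, json, time, urllib.request

ES_URL = "http://127.0.0.1:9200"     # assumption: ES listens on loopback only
INDEX = "notes"                       # hypothetical index the app may search
SECRET = b"constructed-demo-secret"   # constructed; load from a secret store in practice
MAX_QUERY_LEN = 200

def _sign(payload):
    return hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()

def issue_token(user, ttl=3600):
    """Token the server hands the app after login: user.expiry.signature"""
    payload = f"{user}.{int(time.time() + ttl)}"
    return f"{payload}.{_sign(payload)}"

def verify_token(token):
    """Return the user id if signature and expiry are valid, else None."""
    try:
        user, expiry, sig = token.split(".")
        expiry = int(expiry)
    except (AttributeError, ValueError):
        return None
    good = _sign(f"{user}.{expiry}")
    if not hmac.compare_digest(sig.encode(), good.encode()) or expiry < time.time():
        return None
    return user

def build_search(user, text):
    """The only ES request a client can cause: fixed index, fixed query shape."""
    if not isinstance(text, str) or not 0 < len(text) <= MAX_QUERY_LEN:
        raise ValueError("bad search text")
    body = {"size": 20, "query": {"bool": {
        "must": [{"match": {"title": text}}],      # client text is data, never query DSL
        "filter": [{"term": {"owner": user}}]}}}   # scoped to the caller's documents
    return f"/{INDEX}/_search", body

def forward(path, body):
    """Send the vetted request to Elasticsearch on loopback."""
    req = urllib.request.Request(ES_URL + path, json.dumps(body).encode(),
                                 {"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=5) as resp:
        return json.load(resp)

def handle_search(token, text, send=forward):
    """Wrapper entry point: returns (HTTP status, payload)."""
    user = verify_token(token)
    if user is None:
        return 401, {"error": "unauthenticated"}
    try:
        path, body = build_search(user, text)
    except ValueError as exc:
        return 400, {"error": str(exc)}
    return 200, send(path, body)
```

The `send` parameter exists so the request-building logic can be exercised without a running cluster; in deployment the wrapper sits behind TLS and is the only process allowed to reach port 9200.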
