
I am starting to plan a web-app and Backbone.js will be a perfect fit for the client side. I have been planning on using node for the backend but this is open for the time being.

I need a way to secure the front-end app's connection to a database. I have had discussions with others on Quora but I think the thought process was too abstracted from the core problem.

I would prefer to be accessing the data by RESTful end-points, but I need to ensure only my app can talk to the API. I will have full control over both the front-end and back-end of the application. There is a possibility of other apps being built around the database (in a year or two), however they will be developed by me (i.e. not a public API) and these will probably use separate OAuth end-points.

Some notes on the app (may or may not be useful):

  • The app is planned to be offered in a SaaS model where companies subscribe and are allowed multiple users.
  • The data for each company needs to be secure and only accessible to members of that company.
  • All traffic (front-end and app to API) will be sent through SSL.

Any advice on the best way to do this will be greatly appreciated.

Jeremy Worboys

1 Answer


We have the exact same setup as you - SaaS model, multiple apps (mobile, web, etc.) - and when I followed your link, Miguel has the exact solution we use.

A token that is time-stamped and sent to the client on auth. We store that hash token in a User Model, and then on every subsequent request we validate that token.

You can extend Backbone.Model with a BaseModel that appends the token to every server request by overriding Backbone.sync.

See here for how they extended a BaseView; you can apply the same thing to a BaseModel.

imrane
  • I was thinking this would be the best solution but I thought I'd go for a second opinion. You say it works in practice, so I think I'll stick with it, thanks. – Jeremy Worboys Sep 23 '12 at 02:56