2

I want to write a messenger app on Swift, iOS and as a database I chose MongoDB and turned ON authentication on it. And for the bridge I chose RESTHeart(GitHub). But for input something to database from RESTHeart I use the next line:

http PUT 127.0.0.1:8080/myfirstdb desc='this is my first db created with restheart' -a username:password

So, I use authentication for each connection. So my question is:

Is it OK, log in for each insert to database for the messenger app or there are another, better, solution? I think that I need to make this process as faster as possible

Blakes Seven
  • 49,422
  • 14
  • 129
  • 135
Orkhan Alizade
  • 7,379
  • 14
  • 40
  • 79

2 Answers2

3

Quoting the RESTHeart documentation:

If a request is successfully authenticated, an authentication token is generated and included in every subsequent responses. Following requests can either use the password or the auth token.

http://restheart.org/docs/security.html

You have to enable the auth token with the auth-token-enabled: true configuration

javahippie
  • 806
  • 10
  • 25
  • Thanks for your answer! I want to ask you, how you can see in my request with httpie I send username:password. But it's not secure at all. Can you advice me, how can I send request without username and password of my MongoDB database? – Orkhan Alizade Aug 12 '15 at 06:33
  • 1
    You are welcome. This is a separate topic so I think you should open a new question for this. – javahippie Aug 12 '15 at 06:38
1

You should also make sure to use https.

Quoting the RESTHeart documentation:

With stateless basic authentication, user credentials must be sent over the network on each request. It is mandatory to use only the https listener; with the http listener credentials can be sniffed by a man-in-the-middle attack. Use the http listener only at development time and on trusted environments.

Andrea Di Cesare
  • 1,125
  • 6
  • 11